PROFESSIONAL

Burp Intruder workflow tools

  • Last updated: January 27, 2023

  • Read time: 3 Minutes

You can carry out actions on the attack results as part of your workflow. Right-click on any item in the results table to access the actions in the context menu.

Scan

Send selected items to Burp's scanner, to scan for content or vulnerabilities.

Send to...

Send selected items to other Burp tools, such as Repeater, or Comparer. This enables you to perform further analysis and use Burp to drive your workflow.

Related pages

The ability to send requests between tools forms the core of Burp's user-driven workflow. For more information, see How to use Burp Suite for penetration testing.

Show response in browser

Generate a unique URL for the response. Copy this and paste it into Burp's browser to render the response without the limitations of Burp's built-in HTML renderer.

Burp serves the resulting browser request with the exact response that you select: the request is not forwarded to the original web server. Burp's browser processes the response in the context of the originally requested URL. This means that relative links within the response are handled properly.

When Burp's browser renders the response it may make additional requests, for example for images or CSS. These are handled by Burp in the usual way.

Request in browser

Resend requests in Burp's browser:

  • In original session - Resend the request using the cookie header that appeared in the original request.
  • In current session - Resend the request using the cookies supplied by the browser.

Generate CSRF PoC

Create HTML which causes the selected request to be issued when viewed in a browser. For more information, see Generate CSRF PoC.

Add to site map

Add the selected items to the Target site map. This is useful when you identify new resources on the server which have not been added to the site map.

Request item again

Queue the selected items to be requested again by the attack engine. When the items are re-requested, the table entry for the items, and associated HTTP messages, are updated based on the new request. This is useful when:

  • Attack requests have failed due to network errors, or received an anomalous server response due to some intermittent problem.
  • You have modified the base request or other relevant configuration during the attack, and want to re-request items that were based on the original configuration.

Define extract grep from response

Open the response extraction rule dialog, and create a new extract grep item from the response. This enables you to extract the interesting part of the response. This is useful when an attack request generates a different type of response than the base request, as it enables you to quickly review the contents of similar responses. For example:

Copy as curl command

This copies a curl command to the clipboard, that can be used to generate the current request.

Add comment

Add a comment to the selected items.

Highlight

Apply a highlight to the selected items.

Parse the selected items for links, and copy these to the clipboard.

Save item

Save the details of selected items in XML format. This includes full requests and responses, and all relevant metadata such as response length, HTTP status code, and MIME type.

Was this article helpful?