Harvesting useful data
Last updated: January 27, 2023
Read time: 2 Minutes
You can use Burp Intruder to extract interesting data from an attack. This information enables you to focus on the most critical items, and can feed into future attacks.
Step 1: Find a request
Find a request that contains an identifier in a parameter, and that has a response with interesting data about the identifier.
Step 2: Set a payload position
Configure a single payload position at the parameter's value.
Step 3: Set a payload type
Use a suitable payload type to generate potential identifiers to test, using the correct format or scheme.
Step 4: Set an extract grep
Configure the Grep - extract option to retrieve relevant data from each response. For more information on this option, see Burp Intruder options.
Step 5: Analyze the results
Sort the attack results by the extract grep expressions to identify any interesting information that has been extracted.
To copy and paste the data for further analysis, control-click the header.
You can configure your attack to harvest a wide range of useful data, for example:
- Extract password hint - Insert a list of common usernames into an application's forgotten password function. Configure an extract grep item to retrieve the password hint for each user. You can then scan these to identify ones that are easily guessed.
- Identify page title tags - Use the numbers payload type to cycle through page ID numbers. Configure an extract grep item to retrieve the HTML title tag for each page. You can then scan these to identify interesting pages.
- Identify user roles - Insert a list of known usernames into an application's user profile page. Configure an extract grep item to retrieve the role for each user. You can then identify administrative accounts for further attacks.
Was this article helpful?
An error occurred, please try again.