Burp Intruder is meant for exploitation and automating attacks. Most attacks against web applications come down to sending them a lot of data and making sense of the responses, and Intruder is a very good and efficient request sender and response collector. The tool is incredibly flexible and infinitely customizable. That is great once you have the hang of it, but it can be a bit overwhelming for someone just starting out.

The best way to get started is to find a request that has parameters that can be fuzzed. A login form is a good example where we can check for weak credentials by simulating a dictionary attack using the Intruder tool.

First, we choose an interesting-looking request that can and should be automated. A few examples ...
