Let's assume we have already set Burp Suite as a proxy for our browser and have visited WackoPicko (http://192.168.56.11/WackoPicko). Refer to the following steps:
- In the Target or Proxy tabs, find a request to the WackoPicko's root URL, right-click on it, and select Send to Intruder:
- Then change to the Intruder tab and then to the Positions tab; you'll see some fields in the request highlighted and surrounded by § symbols. These are the inputs Intruder is going to change on every request. Click on the Clear button to remove all of them.
- After the last / in the URL we add any character, say an a for example, select it, ...