The flight of the intruder
Burp Suite also includes some more focused tools and the Intruder is one that allows for some serious automation of field manipulation, which is really useful for things like injection attempts and brute-force attacks. Intruder is a fuzzer on steroids. When we find an HTTP request that looks like a good candidate for any of these sorts of attacks, we can identify the fields (Burp calls them positions) we think can be tweaked and then ask Intruder to apply what Burp calls payloads to each of them, which are either from prebuilt lists or generated through some tried-and-true algorithms. Because intruder can do this across multiple positions, it is a huge time saver for us and provides exhaustive test coverage.
Intruder's ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access