
What is the function of Intruder module in Burpsuite

2025-03-31 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/02 Report--

What is the function of the Intruder module in Burpsuite? This article answers that question with a detailed walkthrough, in the hope of giving readers who face it a simpler and more workable method.

I. Brief introduction

The Intruder module is used to automate attacks on Web applications. The general process is as follows: set up the proxy and turn on request interception, send the intercepted request to the Intruder module, mark the parameters to be attacked, set the dictionary for those parameters, and start the attack.

II. Target function

Open the proxy, intercept the request, right-click in the Raw view or click Action, and send it to the Intruder module. The domain name or IP address of the target server is filled in automatically here, and the module identifies whether the protocol is HTTP or HTTPS.

III. Positions function and Payloads function, using brute-forcing an account password as an example

1. After the intercepted request is sent to the Intruder module, the parameters in it are identified automatically. Click Clear on the right to clear them.

2. If you know the account name but not the password, select the password value and click Add on the right to mark it as the parameter to brute-force. The attack mode is Sniper.

3. Set the dictionary to use: select Payloads, set the payload type to file, and click to start the attack.

4. Compare the response lengths in the results. One value differs from the others, which indicates that this payload is the password. Look at the corresponding response below to find the message returned after a successful login.

5. If you know neither the account nor the password, also add the account as a parameter to brute-force. The attack mode is Pitchfork.

6. Set the payloads. This requires two dictionaries: add the username dictionary to the first parameter and the password dictionary to the second parameter, then start the attack.

7. The scan results are as follows

8. Summary of four attack modes

Sniper (sniper rifle) mode: tests only one position at a time. Multiple parameters can be marked for testing, but only one parameter is replaced at a time.

Battering ram (siege hammer) mode: uses one payload for multiple positions. For example, if the user name and password are the same, only one dictionary is used.

Pitchfork mode: uses a different payload for each of multiple positions. The user dictionary and the password dictionary must correspond one to one.

Cluster bomb mode: for multiple positions, all payloads are combined. Every combination is matched and verified.

9. Payload Processing encrypts or modifies each generated payload, for example converting dictionary entries to uppercase.

IV. Options function

1. Request Headers: checked by default. The request length is updated automatically after the request is modified.

2. Request Engine: sets the number of threads, the number of reconnection attempts, and the pause time before a retry.

3. Attack Results: settings for the attack results.

4. Grep-Match: finds result items whose response contains the specified content.

5. Grep-Extract: extracts the specified content from the response using a regular expression.

6. Redirections: redirect settings. If a redirected page is encountered, you can choose how to handle it: follow the redirect address directly or not.

That concludes the answer to the question about the role of the Intruder module in Burpsuite. I hope the above content is of some help to you. If you still have questions, you can follow the industry information channel to learn more.
