Burp Suite: Intruder

• Which section of the Options sub-tab allows you to control what information will be captured in the Intruder results?

Attack Results

• In which Intruder sub-tab can we define the "Attack type" for our planned attack?

Positions

• If you were using Sniper to fuzz three parameters in a request, with a wordlist containing 100 words, how many requests would Burp Suite need to send to complete the attack?

300

• How many sets of payloads will Sniper accept for conducting an attack?

1

• Sniper is good for attacks where we are only attacking a single parameter, aye or nay?

Aye

• As a hypothetical question: you need to perform a Battering Ram Intruder attack on the example request above.

If you have a wordlist with two words in it (admin and Guest) and the positions in the request template look like this:
username=§pentester§&password=§Expl01ted§

What would the body parameters of the first request that Burp Suite sends be?

username=admin&password=admin

• What is the maximum number of payload sets we can load into Intruder in Pitchfork mode?

20

• We have three payload sets. The first set contains 100 lines; the second contains 2 lines; and the third contains 30 lines.

How many requests will Intruder make using these payload sets in a Cluster Bomb attack?

6000

• Which payload type lets us load a list of words into a payload set?

Simple List

• Which Payload Processing rule could we use to add characters at the end of each payload in the set?

Add suffix

• Which attack type is best suited for this task?

Sniper

• Either using the Response tab in the Attack Results window or by looking at each successful (i.e. 200 code) request manually in your browser, find the ticket that contains the flag.

What is the flag?

THM{MTMxNTg5NTUzMWM0OWRlYzUzMDVjMzJl}