Burp Suite: Intruder
Burp Suite: Intruder
Embedded Files
Which section of the Options sub-tab allows you to control what information will be captured in the Intruder results?
Attack Results
In which Intruder sub-tab can we define the "Attack type" for our planned attack?
Positions
If you were using Sniper to fuzz three parameters in a request, with a wordlist containing 100 words, how many requests would Burp Suite need to send to complete the attack?
300
How many sets of payloads will Sniper accept for conducting an attack?
1
Sniper is good for attacks where we are only attacking a single parameter, aye or nay?
Aye
As a hypothetical question: you need to perform a Battering Ram Intruder attack on the example request above.
If you have a wordlist with two words in it (admin and Guest) and the positions in the request template look like this:
username=§pentester§&password=§Expl01ted§
What would the body parameters of the first request that Burp Suite sends be?
username=admin&password=admin
What is the maximum number of payload sets we can load into Intruder in Pitchfork mode?
20
We have three payload sets. The first set contains 100 lines; the second contains 2 lines; and the third contains 30 lines.
How many requests will Intruder make using these payload sets in a Cluster Bomb attack?
6000
Which payload type lets us load a list of words into a payload set?
Simple List
Which Payload Processing rule could we use to add characters at the end of each payload in the set?
Add suffix
Which attack type is best suited for this task?
Sniper
Either using the Response tab in the Attack Results window or by looking at each successful (i.e. 200 code) request manually in your browser, find the ticket that contains the flag.
What is the flag?
THM{MTMxNTg5NTUzMWM0OWRlYzUzMDVjMzJl}
Page updated
Google Sites
Report abuse