Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Advanced payload positioning system in Intruder

Jeroen | Last updated: May 30, 2016 11:40AM UTC

Problem: Currently, payload positions are based on where exactly the payload is positioned in the document. This is a very static approach has some drawbacks: - Difficult to correlate payload with payload-number if there are a lot of different payload positions. I'm often switching back and forth between the tabs to see which payload is which - Not possible to assign the same payload to different payload positions if not using 'battering ram'. Currently, I need the exact same payload in 2 positions, but a different one in a third position. - If you decide to add a payload position in the middle, all subsequent payloads change number - ... Suggestion: Let the user specify a name/number for each payload position: Cookie: session=$SESSIONCOOKIE$fda28fbc12$; bigip=$BIGIPCOOKIE$59ad33f$ In the intruder dropdown, you would see "sessioncookie" and "bigipcookie". Numbers could also be supported ($1$---------$). It should be possible to define the same payload location twice, after which the same payload will be used at those two locations. This would solve all issues listed above and would make it a lot nicer to work with in general.

PortSwigger Agent | Last updated: May 31, 2016 10:09AM UTC

Thanks for this useful suggestion. We'll look into adding this capability next time we have a feature push on Intruder.

Burp User | Last updated: Apr 26, 2018 02:30PM UTC

We are still waiting this nice feature !

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.