Support Center

Burp Community

See what our users are saying about Burp Suite:

How do I?

New Post View All

Feature Requests

New Post View All

Burp Extensions

New Post View All

Bug Reports

New Post View All
Documentation

Burp Suite Documentation

Take a look at our Documentation section for full details about every Burp Suite tool, function and configuration option.

Full Documentation Contents Burp Projects
Suite Functions Burp Tools
Options Using Burp Suite
Extensibility

Burp Extender

Burp Extender lets you extend the functionality of Burp Suite in numerous ways.

Extensions can be written in Java, Python or Ruby.

API documentation Writing your first Burp Suite extension
Sample extensions View community discussions about Extensibility
Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

Filter Results Intruder

James Ricky Apr 13, 2017 04:12PM UTC

Hey, I recently started using Burp and I preformed an intruder test using cluster bomb with two payloads (user & pass).

I had approximately 1 million requests sent to the local server. The problem is that there is only one way to find out if any of the payloads successfully worked/got a hit.

And that way is to either check "Response 1" (there are two responses) for the value of "Location" (since this is the only indicator that the payload worked). The other way is to check "Request 2" for the value of the GET Header Request and see the URL Location there.

Exporting the file is a pain considering there are over 110 million lines.

I have the pro version of burp and I am able to use the filtering using search terms in Intruder, although I do not know if it's possible to search "Response 1" tab (rather than the second response which is useless) or the "Request 2" tab.

I could in theory redo the attack and change some settings so it's easier to filter, but doing one million requests took me about 24 hours. I do not want to wait again.

How can I filter my result using the criteria described above? If it's not possible with Burp, which tool should use?

Thanks for all answers.


Liam Tai-Hogan Apr 13, 2017 04:18PM UTC Support Center agent

Hi James

Thanks for your message.

Have you tried configuring the settings in Intruder > Options > Attack results.

These settings control what information is captured in the attack results. You can select with the Intruder attack will store requests or responses.

Please let us know if you need any further assistance.


James Ricky Apr 13, 2017 04:33PM UTC
Hi,

I have not touched the default settings:
http://imgur.com/3l2HyT6

I am trying to filter the attack results I currently have. I really do not want to redo the attack as it takes too long. Do you have any suggestions on how to filter the current result to show what I want rather than redoing the attack?

James Ricky Apr 14, 2017 02:43AM UTC
Is it at all possible to save the "Response 1" data gathered by the intruder? Or the "Request 2" data?

I have saved the server responses, but these only include the "Response 2" tab. I have also selected some items and saved them, but these do not include "Response 1" nor "Request 2" data made by Burp suite.

Is there anyway to either filter the result I have gotten from the attack or anyway to save those data gathered by Burp?

I just need to see if the redirection after the first request is to a specific url and if it is, save the payload since it's a successful paypal.

For example if:
Payload 1 = Admin
Payload 2 = Password
www.example.com/LoginSuccessful.php

This is the only way to know if the payload worked or not (by checking the second request or the first response).

Any ideas how to filter for these results?

Liam Tai-Hogan Apr 18, 2017 08:26AM UTC Support Center agent

Hi James

Have you tried using the filter bar in the attack window? You could try filtering by a specific search term that only appears when the redirect is followed.


Post Your public answer

Your name
Your email address
Answer