Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

Filter Results Intruder

James | Last updated: Apr 13, 2017 04:12PM UTC

Hey, I recently started using Burp and I preformed an intruder test using cluster bomb with two payloads (user & pass). I had approximately 1 million requests sent to the local server. The problem is that there is only one way to find out if any of the payloads successfully worked/got a hit. And that way is to either check "Response 1" (there are two responses) for the value of "Location" (since this is the only indicator that the payload worked). The other way is to check "Request 2" for the value of the GET Header Request and see the URL Location there. Exporting the file is a pain considering there are over 110 million lines. I have the pro version of burp and I am able to use the filtering using search terms in Intruder, although I do not know if it's possible to search "Response 1" tab (rather than the second response which is useless) or the "Request 2" tab. I could in theory redo the attack and change some settings so it's easier to filter, but doing one million requests took me about 24 hours. I do not want to wait again. How can I filter my result using the criteria described above? If it's not possible with Burp, which tool should use? Thanks for all answers.

Liam, PortSwigger Agent | Last updated: Apr 13, 2017 04:14PM UTC

Hi James Thanks for your message. Have you tried configuring the settings in Intruder > Options > Attack results. These settings control what information is captured in the attack results. You can select with the Intruder attack will store requests or responses. Please let us know if you need any further assistance.

Burp User | Last updated: Apr 13, 2017 04:33PM UTC

Hi, I have not touched the default settings: http://imgur.com/3l2HyT6 I am trying to filter the attack results I currently have. I really do not want to redo the attack as it takes too long. Do you have any suggestions on how to filter the current result to show what I want rather than redoing the attack?

Burp User | Last updated: Apr 14, 2017 02:43AM UTC

Is it at all possible to save the "Response 1" data gathered by the intruder? Or the "Request 2" data? I have saved the server responses, but these only include the "Response 2" tab. I have also selected some items and saved them, but these do not include "Response 1" nor "Request 2" data made by Burp suite. Is there anyway to either filter the result I have gotten from the attack or anyway to save those data gathered by Burp? I just need to see if the redirection after the first request is to a specific url and if it is, save the payload since it's a successful paypal. For example if: Payload 1 = Admin Payload 2 = Password www.example.com/LoginSuccessful.php This is the only way to know if the payload worked or not (by checking the second request or the first response). Any ideas how to filter for these results?

Liam, PortSwigger Agent | Last updated: Apr 18, 2017 08:18AM UTC

Hi James Have you tried using the filter bar in the attack window? You could try filtering by a specific search term that only appears when the redirect is followed.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.