Research Academy
My account Customers About Blog Careers Legal Contact Resellers

Burp Suite User Forum

Create new post

How to launch Intruder attack from command line

Louis | Last updated: Aug 31, 2017 10:25AM UTC

Hi, I would like to know if there is a way to record an Intruder attack so that it would be possible to launch it again from command line. The idea is to automatically launch fuzz testing. Through my research, I saw it might be possible to do so for scan and spider with Burp extender Carbonator, but nothing seems to be available for the intruder feature : https://support.portswigger.net/customer/portal/questions/16131860-how-do-i-automate-intruder-attack- https://support.portswigger.net/customer/portal/questions/16131823-how-do-i-automate-burp-intruder- In this thread : https://support.portswigger.net/customer/portal/questions/16672914-integration-of-burp-with-jenkins Liam Tai-Hogan talked about a possible Burp pre-release that could handle CI integration toward the end of 2017, do you have any news about that? Thanks

Liam, PortSwigger Agent | Last updated: Aug 31, 2017 12:38PM UTC

There is no way to launch an intruder attack from the command line. The best way to perform automated fuzzing would be to create an extension or custom active scan check: - https://portswigger.net/burp/extender/ You could create an custom active scan check and use the Flow extension to view the requests and responses. - https://github.com/PortSwigger/example-scanner-checks - https://portswigger.net/bappstore/bapps/details/ee1c45f4cc084304b2af4b7e92c0a49d We are still aiming towards the end of 2017 to release the pre-release of Burp Enterprise Edition.

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.