Automate Sequence Requests with Burp Intruder
By using Intruder in Burp Suite together with a session handling macro, we can automatically send a sequence of requests to a website.
Automation
- "Project options" -> "Sessions" -> "Session handling rules" panel -> Click "Add".
- The "Session handling rules editor" opens.
- "Scope" tab -> Select "Include all URLs".
- "Details" tab -> Under "Rule actions" -> Click "Add" -> "Run a macro" -> Under "Select macro" -> Click "Add".
- The "Macro Recorder" opens.
- Select the sequence of requests, in this order: POST /message/submit, GET /message, POST /account.
- Click "OK".
Manage Parameters
- In the list of requests, select the request whose response contains the value that is used as a POST parameter and changes each time.
- Click "Configure item" -> Dialog opens -> Click "Add" -> Enter the name of the parameter.
- Highlight the value in the response.
- Click "OK" twice to go back to the Macro editor.
- Select the POST request that uses the above value for its parameter.
- Click "Configure item" -> In the "Parameter handling" section -> use the drop-down menus to specify that the parameter is "derived from the prior response (response 4)" -> Click "OK".
- In the Macro editor -> Click "Test macro" to check that the sequence runs correctly.
- Send an arbitrary request to Burp Intruder.
- Select "Sniper" attack type.
- On the "Payloads" tab -> select the payload type "Null payloads" -> Under "Payload options" -> enter an arbitrary number of payloads.
- Start the attack.
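
What the macro and the "derived from the prior response" setting do on each Intruder request, shown as an added Python example against a constructed in-process stub (not part of the original page, and not Burp's own code). The `csrf` parameter name, the token format, and the choice of GET /message as the response that carries the value are assumptions.

```python
import re
import secrets

class StubApp:
    """Constructed stand-in for the target site: issues a fresh one-time
    token in every GET /message response and requires it on POST /account."""
    def __init__(self):
        self.token = None

    def handle(self, method, path, params=None):
        params = params or {}
        if (method, path) == ("POST", "/message/submit"):
            return 200, "stored"
        if (method, path) == ("GET", "/message"):
            self.token = secrets.token_hex(8)
            return 200, f'<input name="csrf" value="{self.token}">'
        if (method, path) == ("POST", "/account"):
            ok = self.token is not None and params.get("csrf") == self.token
            self.token = None  # one-time use: a replayed value is rejected
            return (200, "updated") if ok else (403, "bad token")
        return 404, "not found"

# Same role as the custom parameter location highlighted in the response.
TOKEN_RE = re.compile(r'name="csrf" value="([0-9a-f]+)"')

def run_macro(app):
    """Replay the recorded sequence, deriving csrf from the prior response."""
    app.handle("POST", "/message/submit", {"message": "test"})
    _, body = app.handle("GET", "/message")
    token = TOKEN_RE.search(body).group(1)
    status, _ = app.handle("POST", "/account", {"csrf": token})
    return status, token

def replay_static(app, stale_token):
    """Replay the final request with a previously captured value (no macro)."""
    status, _ = app.handle("POST", "/account", {"csrf": stale_token})
    return status

if __name__ == "__main__":
    app = StubApp()
    first_status, first_token = run_macro(app)
    print("with derived parameter:", first_status)
    print("with stale parameter:  ", replay_static(app, first_token))
    # Null-payload equivalent: repeat the unchanged sequence N times.
    print([run_macro(app)[0] for _ in range(3)])
```

The stale replay is rejected because the stub invalidates each value after one use, which is the situation the derived parameter in the macro is there to handle.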