Burp Suite III: Basic Intruder Usage

Cyber Security Mastery: From Zero to Hero

Automated Repetitive Attacks

The Intruder tool is Burp Suite's most powerful attack engine. It is designed to automate repeated requests (such as brute-force attacks, dictionary attacks, or fuzzing) using customized payloads.

Intruder Workflow

  1. Send an intercepted request to the Intruder tab.
  2. Positions Tab: Select the parameter(s) you want to test (e.g., the password field). These are marked as 'Payload Positions'.
  3. Payloads Tab: Configure the attack type (Brute Force, Dictionary) and load the payload list (e.g., a username list).
  4. Start Attack: Intruder runs the specified list of payloads against the marked positions.

Security Insight: Intruder is ideal for testing:

  • Brute-forcing login forms.
  • Enumerating valid usernames.
  • Testing for Cross-Site Scripting (XSS) by injecting hundreds of test payloads into a search box.
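
From the defender's side, the first two uses in this list leave a recognisable pattern in authentication logs: one source sends many failed logins in a short time, either against one account or across many accounts. The following is an added example, not part of the course material. The log format, the use of HTTP 401 for a failed login, and the thresholds are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumed sliding window
MAX_FAILS = 5                   # assumed limit: failures per (source, username) in the window
MAX_USERS = 4                   # assumed limit: distinct usernames per source in the window

def parse(line):
    """Parse 'ISO-time source-ip username status' (constructed log format)."""
    ts, ip, user, status = line.split()
    return datetime.fromisoformat(ts), ip, user, int(status)

def detect(lines):
    """Return sorted (source_ip, reason) findings for automated login attempts."""
    fails = defaultdict(list)  # source ip -> [(time, username)] of recent failed logins
    findings = set()
    for ts, ip, user, status in sorted(map(parse, lines)):
        if status != 401:  # assumption: the application answers a failed login with 401
            continue
        # Keep only this source's failures that are still inside the window.
        recent = [(t, u) for t, u in fails[ip] if ts - t <= WINDOW]
        recent.append((ts, user))
        fails[ip] = recent
        if sum(1 for _, u in recent if u == user) > MAX_FAILS:
            findings.add((ip, "password-guessing"))
        if len({u for _, u in recent}) > MAX_USERS:
            findings.add((ip, "username-enumeration"))
    return sorted(findings)

def constructed_log():
    """Constructed sample traffic: two automated sources and one ordinary user."""
    base = datetime(2024, 5, 1, 10, 0, 0)
    rows = []
    for i in range(8):  # one account, a new guess every 2 seconds
        when = (base + timedelta(seconds=2 * i)).isoformat()
        rows.append(f"{when} 203.0.113.7 admin 401")
    for i, name in enumerate(["amy", "bob", "cat", "dan", "eve", "fay"]):
        when = (base + timedelta(seconds=i)).isoformat()  # a different account each second
        rows.append(f"{when} 198.51.100.9 {name} 401")
    # A person mistyping a password twice and then logging in.
    rows += ["2024-05-01T10:00:05 192.0.2.44 carol 401",
             "2024-05-01T10:00:20 192.0.2.44 carol 401",
             "2024-05-01T10:00:31 192.0.2.44 carol 200"]
    return rows

if __name__ == "__main__":
    for ip, reason in detect(constructed_log()):
        print(ip, reason)
```

Attempts spaced further apart than the window are not flagged by this logic, so per-source rules like these are usually paired with per-account lockout or rate limiting.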