This tab contains Intruder attack options for request headers, the request engine, attack results, grep match, grep extract, grep payloads, and redirections. You can edit these options in the main Intruder UI before launching an attack, and most settings can also be modified in the attack window when the attack is already running.

These settings control whether Intruder updates the configured request headers during attacks. Note that you have full control over the request headers via the request template in the payload positions tab. These options can be used to update those headers per-request in ways that are normally helpful.

Update Content-Length header - This option causes Intruder to add or update the Content-Length header in each request, with the correct value for the length of the HTTP body of that particular request. This feature is usually essential for attacks that insert variable-length payloads into the body of the template HTTP request. If the correct value is not specified, then the target server may return an error, may respond to an incomplete request, or may wait indefinitely for further data to be received in the request.

Set Connection: close - This option causes Intruder to add or update the Connection header with the value "close". In some cases (when the server does not itself return a valid Content-Length or Transfer-Encoding header), this option may allow attacks to be performed more quickly.

These settings control the engine used for making HTTP requests in the Intruder attack.

[Professional] Number of threads - This option controls the number of concurrent requests the attack is able to make.

Number of retries on network failure - If a connection error or other network problem occurs, Burp will retry the request the specified number of times before giving up and moving on. Intermittent network failures are common when testing, so it is best to retry the request several times when a failure occurs.

Pause before retry - When retrying a failed request, Burp will wait the specified time (in milliseconds) following the failure before retrying. If the server is being overwhelmed with traffic, or an intermittent problem is occurring, it is best to wait a short time before retrying.

Throttle between requests - Optionally, Burp can wait a specified delay (in milliseconds) before every request. This option is useful to avoid overloading the application, or to be more stealthy. Alternatively, you can configure a variable delay (with a given start value and increment). This option can be useful to test the session timeout interval enforced by the application.

Start time - This option lets you configure the attack to start immediately, or after a specified delay, or to start in a paused state. These alternatives can be useful if an attack is being configured which will be executed at some future point, or saved for future use.

Careful use of these options lets you fine tune the attack engine, depending on the performance impact on the application, and on your own processing power and bandwidth. If you find that the attack is running slowly, but the application is performing well and your own CPU utilization is low, you can increase the number of threads to make your attack proceed faster. If you find that connection errors are occurring, that the application is slowing down, or that your own computer is locking up, you should reduce the thread count, and maybe increase the number of retries on network failure and the pause between retries.

These settings control what information is captured in the attack results.

Store requests / responses - These options determine whether the attack will save the contents of individual requests and responses. Saving requests and responses consumes disk space in your temporary directory, but enables you to view these in full during an attack, repeat individual requests if necessary, and send them to other Burp tools.

Make unmodified baseline request - If this option is selected, then in addition to the configured attack requests, Burp will issue the template request with all payload positions set to their base values. This request will show as item #0 in the results table.
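
The effect of the Update Content-Length header and Set Connection: close options on a templated request can be reproduced in a few lines. This is an added example, not code from Burp or its documentation; the `{{PAYLOAD}}` marker, the sample request and the function names are assumptions made for illustration.

```python
MARKER = b"{{PAYLOAD}}"  # hypothetical position marker, not Burp's own syntax

# Constructed sample template: Content-Length 23 is correct only for the
# unmodified body below.
TEMPLATE = (
    b"POST /profile HTTP/1.1\r\n"
    b"Host: app.example\r\n"
    b"Content-Length: 23\r\n"
    b"\r\n"
    b"user={{PAYLOAD}}&role=x"
)


def set_header(lines, name, value):
    """Replace header `name` (case-insensitive) in place, or append it."""
    for i, line in enumerate(lines):
        if i and line.split(b":", 1)[0].strip().lower() == name.lower():
            lines[i] = name + b": " + value
            return
    lines.append(name + b": " + value)


def build_request(template, payload, update_length=True, connection_close=True):
    """Insert `payload` at MARKER and refresh the headers that depend on it."""
    head, sep, body = template.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("template has no header/body separator")
    data = payload.encode("utf-8")
    lines = head.replace(MARKER, data).split(b"\r\n")
    body = body.replace(MARKER, data)
    if update_length:
        # Counted in bytes of the final body, not in characters.
        set_header(lines, b"Content-Length", str(len(body)).encode("ascii"))
    if connection_close:
        set_header(lines, b"Connection", b"close")
    return b"\r\n".join(lines) + sep + body


def declared_vs_actual(request):
    """Return (declared Content-Length, actual body byte count)."""
    head, _, body = request.partition(b"\r\n\r\n")
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            return int(value.strip()), len(body)
    return None, len(body)
```

With both updates switched off, `declared_vs_actual` shows the stale header that leaves a server waiting for bytes that never arrive; with them on, the declared and actual lengths agree even when the payload contains multi-byte characters.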