In this video walk-through, we covered BurpSuite Intruder, Comparer, Sequencer and Extender as part of TryHackMe Junior Penetration Tester Pathway.. This was part of TryHackMe Burp Suite: Intruder.

Get Blue Team Study Notes

The Complete Practical Metasploit Framework Course

Challenge Description

Learn how to use Intruder to automate requests in Burp Suite & Take a dive into some of Burp Suite’s lesser-known modules.

Video Highlights

Room Answers

Ques 1: Which section of the Options sub-tab allows you to control what information will be captured in the Intruder results?
Ans 1: attack results

Ques 2: In which Intruder sub-tab can we define the “Attack type” for our planned attack?
Ans 2: positions

Ques 3: If you were using Sniper to fuzz three parameters in a request, with a wordlist containing 100 words, how many requests would Burp Suite need to send to complete the attack?
Ans 3: 300

Ques 4: How many sets of payloads will Sniper accept for conducting an attack?
Ans 4: 1

Ques 5: Sniper is good for attacks where we are only attacking a single parameter, aye or nay?
Ans 5: aye

Ques 6: What would the body parameters of the first request that Burp Suite sends be?
Ans 6: username=ADMIN&password=ADMIN

Ques 7: What is the maximum number of payload sets we can load into Intruder in Pitchfork mode?
Ans 7: 20

Ques 8: We have three payload sets. The first set contains 100 lines; the second contains 2 lines; and the third contains 30 lines. How many requests will Intruder make using these payload sets in a Cluster Bomb attack?
Ans 8: 6000

Ques 9: Which payload type lets us load a list of words into a payload set?
Ans 9: simple list

Ques 10: Which Payload Processing rule could we use to add characters at the end of each payload in the set?
Ans 10: add suffix

Ques 11: Which attack type is best suited for this task?
Ans 11: sniper

Ques 12: Either using the Response tab in the Attack Results window or by looking at each successful (i.e. 200 code) request manually in your browser, find the ticket that contains the flag. What is the flag?

Video Walkthrough

About the Author

Cybersecurity Trainer MS in Cybersecurity Expertise in Healthcare and Finance Industries Penetration tester and compliance auditor

View Articles