Quick post on timing options with Burp Intruder.
Say you need to brute force something. Many devices (like Juniper SSL VPNs) will tell you to go to hell if you throw too many failed attempts at them too quickly. That sux.
I regularly use Intruder to do my brute forcing for me, especially since you can add timing options.
You can intercept your request, send it to Intruder, then add a payload marker for the username (and password if you want to do username/username).
So if you just want to iterate through a list of usernames with the same pass, you just set the pass then go to payloads and add your userlist. Above, I'm doing username and username as the password and using the pitchfork attack type. (I think Ken has gone over this in depth, so I'll stop explaining all that unless people ask for it.)
Once that is set up, you can play with timing options from the options tab. This will adjust the number of threads and how long to wait in between requests.
You may also want to send everything through Tor. Check the Burp main options tab.
-CG
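
The defender's view of the timing options above, as an added example that is not part of the original post: a per-source rate threshold never fires on throttled attempts, while counting distinct accounts with failures over a longer window does. The log format, thresholds and function names are constructed for illustration, and grouping by source is an assumption that does not hold when the source address rotates.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample auth log: "<ISO time> <source> <username> <FAIL|OK>"
SAMPLE_LOG = """\
2024-01-01T10:00:00 198.51.100.7 alice FAIL
2024-01-01T10:00:30 198.51.100.7 bob FAIL
2024-01-01T10:01:00 198.51.100.7 carol FAIL
2024-01-01T10:01:30 198.51.100.7 dave FAIL
2024-01-01T10:02:00 198.51.100.7 erin FAIL
2024-01-01T10:02:30 198.51.100.7 frank FAIL
2024-01-01T10:01:10 203.0.113.9 alice FAIL
2024-01-01T10:01:20 203.0.113.9 alice OK
"""

def parse(log):
    events = []
    for line in log.splitlines():
        ts, src, user, result = line.split()
        events.append((datetime.fromisoformat(ts).timestamp(), src, user, result == "OK"))
    return sorted(events)

def rate_alerts(events, max_fails=5, window_s=60):
    """Naive control: sources with more than max_fails failures inside window_s."""
    recent, flagged = defaultdict(deque), set()
    for ts, src, _user, ok in events:
        if ok:
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window_s:
            q.popleft()
        if len(q) > max_fails:
            flagged.add(src)
    return flagged

def spread_alerts(events, min_users=5, window_s=3600):
    """Sources whose failures touch at least min_users distinct accounts inside window_s."""
    recent, flagged = defaultdict(deque), set()
    for ts, src, user, ok in events:
        if ok:
            continue
        q = recent[src]
        q.append((ts, user))
        while q and ts - q[0][0] > window_s:
            q.popleft()
        if len({u for _, u in q}) >= min_users:
            flagged.add(src)
    return flagged
```

On the constructed log, `rate_alerts(parse(SAMPLE_LOG))` flags nothing because the failures arrive 30 seconds apart, while `spread_alerts(parse(SAMPLE_LOG))` flags the source that failed against six different accounts.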