icon

Automate Sequence Requests with Burp Intruder

Last modified: 2023-08-14

By using Intruder in Burp Suite, we can send sequence requests to websites.

Automation

  1. "Project options" -> "Sessions" -> "Session handling rules" panel -> Click "Add".
  2. The "Session handling rules editor" opens.
  3. "Scope" tab -> Select "Include all URLs".
  4. "Details" tab -> Under "Rule actions" -> Click "Add" -> "Run a macro" -> Under "Select macro" -> Click "Add".
  5. The "Macro Recorder" opens.
  6. Select the sequence of requests as follows: POST /message/submit GET /message POST /account
  7. Click "OK".

Manage Parameters

  1. In the list of requests, select the requests in which specific value used POST parameter changes.
  2. Click "Configure item" -> Dialog opens -> Click "Add" -> Enter the name of the parameter.
  3. Highlight the value in the response code.
  4. Click "OK" twice to go back to the Macro editor.
  5. Select the POST request in which using the above value for parameter.
  6. Click "Configure item" -> In the "Parameter handling" section -> drop-down to menus to specify the parameter name to be "derived from the prior response (response 4)" -> Click "OK".
  7. In the Macro editor -> Click "Test macro" to check if the sequence does correctly.
  8. Send the arbitrary request to the Burp Intruder.
  9. Select "Sniper" attack type.
  10. On the "Payloads" tab -> select the payload type "Null payloads" -> Under "Payload options" -> enter the arbitrary number of payloads.
  11. Start the attack.