-
Notifications
You must be signed in to change notification settings - Fork 221
/
Copy pathBappDescription.html
25 lines (18 loc) · 1.76 KB
/
BappDescription.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
<p>Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results. It's intended to complement Burp Intruder by handling attacks that require extreme speed or complexity.</p>
<h2>Features</h2>
<ul>
<li><b>Fast</b> - Turbo Intruder uses a HTTP stack hand-coded from scratch with speed in mind. As a result, on many targets it can seriously outpace even fashionable asynchronous Go scripts.</li>
<li><b>Flexible</b> - Attacks are configured using Python. This enables handling of complex requirements such as signed requests and multi-step attack sequences. Also, the custom HTTP stack means it can handle malformed requests that break other libraries.</li>
<li><b>Scalable</b> - Turbo Intruder can achieve flat memory usage, enabling reliable multi-day attacks. It can also be run in headless environments via the command line.</li>
<li><b>Convenient</b> - Boring results can be automatically filtered out by an advanced diffing algorithm adapted from Backslash Powered Scanner</li>
</ul>
<p>On the other hand it's undeniably harder to use, and the network stack isn't as reliable and battle-tested as core Burp's.</p>
<h2>Basic use</h2>
<ol>
<li>Highlight the area you would like to inject over.</li>
<li>Right click, and use the context menu option "Send to Turbo Intruder". A new window containing your request will open.</li>
<li>Customize the Python code snippet to configure your attack.</li>
<li>Launch your attack by clicking the "Attack" button.</li>
</ol>
<p>To get started with Turbo Intruder, please refer to the video and documentation at <a href="https://portswigger.net/blog/turbo-intruder-embracing-the-billion-request-attack">Embracing the billion-request attack</a>.</p>
<p><br>Copyright © 2018-2025 PortSwigger Ltd.<p>