Monthly Archives: September 2015

Testing uploads with Burp Intruder – Updated

Just updated my Intruder extension (described here) to provide two payload generators: the original one with the file contents and another one with the matching file name.

So, if you need both the content and file name in your Intruder attack, choose Pitchfork as the Attack type and use File as Payload for one Payload set and Filename as Payload for the other.

With this update you can synchronize the file name and its contents in the attack without much hassle, something that was not trivial in the previous version.