So, if you need both the content and file name in your Intruder attack, choose Pitchfork as the Attack type and use File as Payload for one Payload set and Filename as Payload for the other.

With this update you can synchronize the file name and its contents in the attack without much hassle, something that was not trivial in the previous version.

So I wrote an extension that reads a folder files and feeds their content, one at a time, as a payload to use in the Intruder.
Suppose you have a folder with your best malicious files, zip and xml bombs, jpegs with other contents, php shells, etc. You point the extension to this folder and just use the Repeater normally, setting the payload source as being this extension.
If you need/want to synchronize the file contents with the file name, the extension tab shows the names of the files it just read so you can use them as payload for a second position in the request, using the pitchfork attack.

EDIT
There is a new version of the extension that provides two generators, one for the file name and other for the file contents, easing this synchronization process. See this update post.

Choosing the input files

Configuring the Intruder

The extension is available here as a single jar. The code is available here.
I have submitted it to the BApp Store but it hasn’t been approved yet.

EDIT
Now available at the BApp Store, here :)

Enjoy.

The previous, and first edition, happened in 2013 and it was awesome. You can revisit the program here and search for the talks on Google (you will find some for sure).
With a quick search I found Bruno Morisson’s preso:

btw, he is also one of the organizers :)

I also did a presentation on how to start using Burp Suite, including a few tips to use it more efficiently:

Now that you know this years edition will be even better, go ahead and submit a talk here