Home

Awesome

Burp Intruder File Payload Generator

This extension provides a way to use file contents as custom Intruder payloads.

Suppose you need to test a file upload request with your library of carefully crafted files, such as gifar, php files, jpeg, jpegs with embedded php, stuff with wrong magic numbers, etc. You can paste those binaries contents on the Repeater one by one but that is boring. Instead you can use the Intruder configured to the payloads generated by this extension. The extension just needs to be pointed to the file payloads folder.

Choosing the input files:

Extension Tab

Configuring the Intruder:

Intruder payload

The source includes the Netbeans project stuff. You can use the native Netbeans GUI to modify the Extension Tab layout.

Usage

If you just need to use the file contents as payload, select File as Payload. If you need both the content and filename then choose Pitchfork as the Attack type and use File as Payload for one Payload set and Filename as Payload for the other.

TODO