def queueRequests(target, wordlists):
engine = RequestEngine(endpoint=target.endpoint,
concurrentConnections=5,
requestsPerConnection=100,
pipeline=False,
engine=Engine.THREADED
)
for word in ['info', 'admin', 'info.php']:
engine.queue(target.req, word.rstrip())
def handleResponse(req, interesting):
if req.status != 404:
table.add(req)
req1.txt
GET /%s HTTP/1.1
Host: testphp.vulnweb.com
Connection: close
Print result:
Please note that Turbo Intruder's SSL/TLS handling may differ slightly when run outside Burp Suite.
TURBO NOTICE: The input request appears to be using \n instead of \r\n as a line-ending. Consider changing your text-editor settings. Normalising...
ID | Word | Status | Wordcount | Length | Time
Starting attack...
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.python.core.PySystemState (file:turbo-intruder-all.jar) to method java.io.Console.encoding()
WARNING: Please consider reporting this to the maintainers of org.python.core.PySystemState
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
failed to read from clipboard
Establishing 5 connection to http://testphp.vulnweb.com:80 ...
Autorecovering first-request error during 'info'
Autorecovering first-request error during 'admin'
Autorecovering first-request error during 'info.php'
Autorecovering first-request error during 'info'
Autorecovering first-request error during 'admin'
Autorecovering first-request error during 'info.php'
Autorecovering first-request error during 'info'
Autorecovering first-request error during 'admin'
Autorecovering first-request error during 'info.php'
Autorecovering first-request error during 'info'
Skipping word due to multiple failures: -1034487891
java.lang.NullPointerException
Skipping word due to multiple failures: 1750427456
at burp.Request.getRequestAsBytes(Request.kt:98)
at burp.ThreadedRequestEngine.sendRequests(ThreadedRequestEngine.kt:212)
at burp.ThreadedRequestEngine.access$sendRequests(ThreadedRequestEngine.kt:17)
at burp.ThreadedRequestEngine$1.invoke(ThreadedRequestEngine.kt:50)
at burp.ThreadedRequestEngine$1.invoke(ThreadedRequestEngine.kt:49)
at kotlin.concurrent.ThreadsKt$thread$thread$1.run(Thread.kt:30)
Ignoring error: java.lang.NullPointerException
java.lang.NullPointerException
at burp.Request.getRequestAsBytes(Request.kt:98)
at burp.ThreadedRequestEngine.sendRequests(ThreadedRequestEngine.kt:212)
at burp.ThreadedRequestEngine.access$sendRequests(ThreadedRequestEngine.kt:17)
at burp.ThreadedRequestEngine$1.invoke(ThreadedRequestEngine.kt:50)
at burp.ThreadedRequestEngine$1.invoke(ThreadedRequestEngine.kt:49)
at kotlin.concurrent.ThreadsKt$thread$thread$1.run(Thread.kt:30)
Ignoring error: java.lang.NullPointerException
1 | admin | 0 | 1 | 4 | 0
2 | info.php | 0 | 1 | 4 | 0
Skipping word due to multiple failures: -900503370
java.lang.NullPointerException
at burp.Request.getRequestAsBytes(Request.kt:98)
at burp.ThreadedRequestEngine.sendRequests(ThreadedRequestEngine.kt:212)
at burp.ThreadedRequestEngine.access$sendRequests(ThreadedRequestEngine.kt:17)
at burp.ThreadedRequestEngine$1.invoke(ThreadedRequestEngine.kt:50)
at burp.ThreadedRequestEngine$1.invoke(ThreadedRequestEngine.kt:49)
at kotlin.concurrent.ThreadsKt$thread$thread$1.run(Thread.kt:30)
Ignoring error: java.lang.NullPointerException
3 | info | 0 | 1 | 4 | 0
Completed attack on http://testphp.vulnweb.com:80
Sent 0 requests over 18 connections in 0.9395241 seconds
RPS: 0
Reqs: 0 | Queued: 0 | Duration: 1 | RPS: 0 | Connections: 18 | Retries: 10 | Fails: 3 | Next: null | Completed
System: Ubuntu 18.04 Java version: 11.0.15 turbo-intruder version: 1.30 (from BApp) Command: java -jar turbo-intruder-all.jar req1.py req1.txt http://testphp.vulnweb.com:80 foobar
req1.py
req1.txt
Print result: