Can Turbo Intruder perform credential stuffing, the way Burp Intruder uses its Pitchfork attack mode?

PortSwigger / turbo-intruder

Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.

https://portswigger.net/blog/turbo-intruder-embracing-the-billion-request-attack

Apache License 2.0

1.42k stars 207 forks source link

Can Turbo Intruder perform credential stuffing, the way Burp Intruder uses its Pitchfork attack mode? #122

Closed mrbiggleswirth closed 1 year ago

mrbiggleswirth commented 1 year ago

[ Guide ] Credential stuffing using a Burp Intruder Pitchfork attack

https://portswigger.net/burp/documentation/desktop/tutorials/credential-stuffing-pitchfork-intruder

Can Turbo Intruder perform credential stuffing, the way Burp Intruder uses its Pitchfork attack mode?

I tried the pitchFork.py script which I found in past issues from about 2 years ago. But since it's not listed in the /resources/example/ folder I'm guessing it doesn't work? Anyhow I couldn't make the script work.

albinowax commented 1 year ago

Yes, but you'll need to learn to code Python.