Intruder - Cluster Bomb attack
Purpose: The Cluster Bomb attack type is used for exhaustive testing of all possible combinations of payloads across multiple parameters. This attack type is useful when you need to explore how different inputs interact with each other comprehensively.
How It Works:
Combinatorial Explosion: In a Cluster Bomb attack, Burp Suite will try every possible combination of the payloads provided for each parameter. It systematically varies each parameter in every possible way.
Thorough Testing: This method can uncover complex interactions between parameters but can generate a large number of requests, so it should be used carefully.
Steps:
1.Capture the Request:
Use Burp Suite’s Proxy tab to intercept the login request.
For example, the intercepted HTTP POST request might look like this :
POST /example?p1=p1val&p2=p2val HTTP/1.0
Cookie: c=cval
Content-Length: 17
p3=p3val&p4=p4val
2.Set the Positions:
Highlight p3 and p4 parameters and set them as variable positions using "Add §".
The request will look like this in the Positions tab :
3.Configure Payloads:
In the Payloads tab, set up multiple payload sets:
Payload Set 1 for p3 (e.g., 123,234,345).
Payload Set 2 for p4 (e.g., a,b,c).
4.Start the Attack:
Click "Start Attack" to begin the Cluster Bomb attack.
Result Analysis: Burp Suite will generate requests for every possible combination of p3 and p4. Review the responses to identify if any combination leads to successful authentication or triggers a unique server response.
Conclusion: The Cluster Bomb attack is designed for exhaustive combinatorial testing across multiple parameters. It’s the go-to choice when you need to explore all possible input combinations, especially in complex authentication mechanisms or multi-field forms. While it can generate a large number of requests, its thoroughness ensures that no potential combination is left untested, making it invaluable for uncovering intricate vulnerabilities.
Comments
Post a Comment