Intruder
Burp Intruder is meant for exploitation and automating attacks. Most of the attacks against web applications are about sending them a lot of data and making sense of the responses. Therefore, Intruder is a very good and efficient request sender and response collector. The tool is incredibly flexible and infinitely customizable. That is great once you have the hang of it, but can be a bit overwhelming for someone just starting out.
The best way to get started is to find a request that has parameters that can be fuzzed. A login form is a good example where we can check for weak credentials by simulating a dictionary attack using the Intruder tool.
First, we choose an interesting-looking request that can and should be automated. A few examples of this would be:
Enumerating user information, such as names and passwords
Enumerating common directories and files that can cause information leakage
Fuzzing for XSS, SQLI, and path traversals
Basically, we give a baseline request to Intruder, mark...
