Permanently adding attack vectors in Burp Suite

Burp Suite is one of the popular tools for performing security assessment/testing for web applications. It can be used to run both manual and automated scans and consist of different tools such as a proxy server, a web spider, scanner, intruder, repeater, sequencer, decoder, collaborator and extender. Among all these functionalities intruder and scanner are most commonly use tools which can perform automated attacks on web applications.

Both these tools (intruder and scanner) use a default set of attack vectors(Fig. 1) to test and detect vulnerabilities like SQL Injection, Cross Site Scripting(XSS) and many more.

2020-08-21_9-46-15

These vectors are limited in number for almost all injections based attacks as shown in Fig. 2 , 20 payload count for XSS. Additional payloads can also be added using “Load…” option under Intruder ->Payloads(Fig. 3), but these additional payloads cannot be used by the scanner tab for automated scans, also these additional vectors need to be uploaded every single time after Burp Suite gets reopened.