The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws

Before launching any attack, you should identify the attributes of the server’s

responses that you are interested in analyzing. For example, when enumerat-

ing identifiers, you may need to search each response for a specific string.

When fuzzing, you may wish to scan for a large number of common error mes-

sages and the like.

By default, Burp Intruder records in its table of results the HTTP status code,

the response length, any cookies set by the server, and the time taken to receive

the response. As with JAttack, you can additionally configure Burp Intruder to