How often do you find yourself running scans that take ages to complete? How often do you cancel a scan because it has been taking too long? But what if you left it to run for 3 more minutes? Would that have given you a breakthrough result?
Today, we’re going to go fast, really fast! Let’s take a look at how Turbo Intruder can help us achieve lightning fast web application scan speeds!
🙋♂️ What is Turbo Intruder?
Turbo Intruder is a plugin for BurpSuite, which is by the far the most well-known web application hacking toolkit out there. The Turbo Intruder plugin allows you to perform all kinds of scans with incredible speed and precision.
But why use Turbo Intruder when BurpSuite already an Intruder? Well Turbo Intuder is way faster, uses way less memory and ohh yea, can be used for free, unthrottled!
🚅 What makes it so fast?
In the past, tools have been increasing their requests per second speed by increasing the amount of connections. That was already a great start, as can be seen here.
First of all, I’m going to send requests one after the other. The settings here are:
concurrentConnections=1, requestsPerConnection=1, pipeline=False
How many requests per second does that grant us? Well a mere 8.
Time to go faster by setting our concurrent connections. I’m going to go with 25, but we recommend a number between 5 and 30.
concurrentConnections=25, requestsPerConnection=1, pipeline=False
What is the result? Well we see a 400% increase in speed! That’s great.
But can we go even faster? Well, let’s do something that not a lot of tools do, and that’s enabling more requests per connection. In this case, we’re reusing TCP connection. So instead of having to perform a TCP handshake with every request, we only have to make one for every 100 requests. We suggest setting this value to anything between 50 and 200.
concurrentConnections=25, requestsPerConnection=100, pipeline=False
What does that do for our speed? Well we see another 2000% increase in speed!
Now, we have one more trick up our sleeve! And that’s HTTP pipelining. This little known feature of HTTP allows you to send multiple requests all at once without having to wait for the responses. Thus we can send 10 requests at once and then wait for the server to reply to all of them, whereas previously, we’d sent a request, wait for the response, sent another one, wait for the response and so on. As you can see, with HTTP pipelining, we can go faster!
concurrentConnections=25, requestsPerConnection=100, pipeline=True
How much faster? Well let’s just double our speed once again!
Is any more proof you need to realize how insanely fast we can go using Turbo Intruder?
HOWEVER! Do be very mindful of the server you’re attacking. If the program doesn’t allow this amount of requests, do not go there.
👷♀️ Installing Turbo Intruder
Time to get it up and running on your machine. For this blog, I’m going to assume that you’ve already set up BurpSuite.
In Burpsuite, head over to the tab listing and select the “Extender” tab.
From there, select the Turbo Intruder plugin in the listing on the left.
The last step is installing it. In the right pane, click the “Install” button.
If all is well, you should now be able to go to a request in the “Repeater”, “Proxy” or any other tab, right click it, head over to “Extensions”, “Turbo Intruder” and “Send to turbo intruder”
That’s all we need to do in order to install Turbo Intruder!
🐱🏍 Our first run!
Check out the YouTube video in order to see us exploit a race condition using Turbo Intruder!
Turbo Intruder is your new tool for any fuzzing, scanning or bruteforcing! It’s designed for speed and it gives you speed! Start using it today to hack even faster!
Did you know that there is a video accompanying this article? Check out the playlist!