Burp Suite is a web application vulnerability testing platform ## Intruder Use Intruder to bruteforce login forms in webapps 1. capture web traffic using active burp suite proxy 2. send session to intruder 3. indicate payload position 4. select attack type payload positions and payload input 5. use seclist or other password sources ## seclists `sudo apt-get install seclist` usr/share/seclists