Is Burp Suite Spider and Intruder Safe?


#1

Hi Guys,

I am fairly new to Bugcrowd and general bug hunting. I have spent a lot of time in labs practicing different techniques and looking for vulnerabilities manually to understand it better; however, I want to start using some tooling. I am mostly familiar with Burp and ZAP.

My question, though, is whether the Spider and Intruder features are generally considered safe against real-world targets? I would assume not, due to potential request rates on the backend; however, I thought I’d ask the Experts/Community for your opinion.

If not, what alternatives are there to automated aspects of the process?

Thanks!


#2

Burp and ZAP are typically safe. Make sure that on the spider function you don’t have it set to populate and auto-submit form information. I had a problem once because I had Burp configured to automatically submit form information and it entered the name, address, phone and email address in the prepopulated form data in Burp.


#3

Ah ok, I will watch out for that. Nice one! Thanks for the reply.


#4

Hey Chris
I’m new to the field of bug hunting too, maybe we can help each other
contact me on discord
Ayoub#1938 or email: rezultas.diali@gmail.com
cheers