Turbo Intruder: Abusing HTTP Misfeatures to Accelerate Web Application Attacks

Explore advanced techniques for accelerating web application attacks in this 30-minute conference talk from LevelUp 0x03. Dive into the world of Turbo Intruder, a research-grade Burp extension designed for high-speed HTTP requests. Learn how to leverage custom HTTP stacks to achieve over 30,000 HTTPS requests per second, significantly outperforming traditional tools. Discover methods for launching multi-step attacks, filtering responses, and generating context-aware payloads. Gain insights into the underlying HTTP abuse that enables such high speeds, and explore ongoing research on automatically identifying interesting responses. Through live demonstrations and code examples, master the use of Turbo Intruder to enhance your web application security testing capabilities.

Introduction
Agenda
Why Turbo Intruder
Using Turbo Intruder
Python Code
Attack Stats
Live Demo
Streaming Attacks
Default script
Valid responses
Random features
Summary