Learn about using HTTP payloads with Nuclei
`{{helper_function(variable)}}` in case mutator functions are needed), and perform batteringram, pitchfork and clusterbomb attacks. The wordlist for these attacks needs to be defined during the request definition under the Payload field, with a name matching the keyword. Nuclei supports both file-based and in-template wordlists. Finally, all DSL functionality is fully available and supported, and can be used to manipulate the final values.
Payloads are defined using a variable name and can be referenced in the request between `{{ }}` markers.
`clusterbomb` or `pitchfork` as attack type and defined only one variable in the payload section, the template will fail to compile, as `clusterbomb` and `pitchfork` expect more than one variable to use in the template.
`batteringram` as the default type, which is generally used to fuzz a single parameter, and `clusterbomb` and `pitchfork` for fuzzing multiple parameters, which work the same as in classical Burp Intruder.
Type | batteringram | pitchfork | clusterbomb |
---|---|---|---|
Support | ✔ | ✔ | ✔ |
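The following added example (not taken from the Nuclei documentation or code base) models how the three attack types combine payload variables, so the number of requests a template will send can be estimated before it is run. It assumes the classical Burp Intruder semantics the page refers to; the function names, the sample wordlists and the single-variable rule for `batteringram` are assumptions.

```python
from itertools import product

MULTI_SET_ATTACKS = {"pitchfork", "clusterbomb"}


def validate(attack, payloads):
    """Reject the attack-type / payload mismatches described above."""
    if attack not in MULTI_SET_ATTACKS | {"batteringram"}:
        raise ValueError(f"unknown attack type: {attack}")
    if attack in MULTI_SET_ATTACKS and len(payloads) < 2:
        raise ValueError(f"{attack} expects more than one payload variable")
    if attack == "batteringram" and len(payloads) != 1:
        # Assumption: a single wordlist, as in Burp's battering ram.
        raise ValueError("batteringram expects exactly one payload variable")


def combinations(attack, payloads):
    """Yield one {variable: value} dict per request that would be generated."""
    validate(attack, payloads)
    names = list(payloads)
    if attack == "clusterbomb":
        rows = product(*payloads.values())  # every combination of every list
    else:
        # pitchfork: lists advance in lockstep and stop at the shortest one.
        # batteringram: the single list is walked once.
        rows = zip(*payloads.values())
    for row in rows:
        yield dict(zip(names, row))


def render(template, values):
    """Substitute every {{name}} marker in a request template."""
    for name, value in values.items():
        template = template.replace("{{" + name + "}}", value)
    return template


if __name__ == "__main__":
    # Constructed sample wordlists and request template.
    payloads = {"path": ["/a", "/b", "/c"], "header": ["x", "y"]}
    template = "GET {{path}} HTTP/1.1\nX-Test: {{header}}"
    for attack in ("pitchfork", "clusterbomb"):
        combos = list(combinations(attack, payloads))
        print(attack, len(combos), "requests")
        print(render(template, combos[0]))
```

With wordlists of 3 and 2 entries, `pitchfork` produces 2 requests and `clusterbomb` produces 6, which is why `clusterbomb` request counts grow multiplicatively with wordlist size.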
`clusterbomb` attack to fuzz.