Bradamsa

Generates intruder payloads using Radamsa. The version supports sniper attack type only.

Extension Availability Source Code Dependencies
Community Professional https://github.com/portswigger/bradamsa Radamsa

How to configure this extension

  1. Install Bradamsa on BApp Store. If you are willing to use the extension, get used to the Bradamsa pop-up every time you start Burp Suite.

  2. A new tab is created after installing Bradamsa. The default config looks as follows.

  3. To use this extension, install Radamsa on your system and make sure the binary is available at the location /usr/bin/radamsa. If the binary is present in a different place, update the same in the config.

  4. You can only use this extension in Sniper mode. If you want to fuzz an HTTP request to an application, send the request to Intruder.

    Select the position you want to fuzz. This extension only supports the Sniper attack type.

    Switch to the Payloads tab. In the Payload Sets section, select Extension-generated.

    In the Payload Options section, select Bradamsa as the generator.

    Click Attack

  5. By default, the Bradamsa payload generation count is set to 10. To increase the number of mutated input, increase the count according to your requirement.

When to use this extension?

The extension comes in handy when you try to fuzz an application to find interesting behavior. It’s not valuable for the everyday job (unless you are a person into fuzzing and love Burp Suite).