Practical Web Penetration Testing

Intruder attack types

One of the most confusing things for beginners is the set of attack types in the Intruder tool. I will do my best to explain them in a practical way, so that they won't be an obstacle when you use this section:

  • Sniper: This is the most popular one, and it uses only one payload. A practical example of this type of attack is the one that we saw earlier, fuzzing directory names. Another example would be to fuzz the query string value. Hackers fuzz the product number in the URL to see which products are on a discount before they appear online.
  • Battering ram: This uses a single payload as well, but it places the same payload into all defined positions. A practical example is when you want to insert the email address in both the form field and the query string.
  • Cluster bomb: This one uses multiple payload sets, one for each position (the maximum is 20). In other words, it is used when an attack requires different, but unrelated, input to be inserted in multiple places in the request. The best way to explain it is through a practical example, the password credentials attack, which is my favorite one. Here, you would use the username in one field and the password in the password field.
  • Pitchfork: This one also uses multiple payload sets, one for each position (the maximum is 20). In other words, it is used when an attack requires different, but related (the opposite of the cluster bomb), input to be inserted in multiple places in the request. For example, when you want to insert a username in one field and its associated ID in another field.
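
The four attack types differ only in how payloads are mapped onto the marked positions, which also determines how many requests a test generates. The following sketch is an added example, not code from the book or from Burp Suite; the function names and the sample values are constructed for illustration, and it models two positions with no network traffic involved.

```python
from itertools import product

# Constructed sample data: base values of two marked positions and two payload sets.
BASE = ("guest", "0")
USERS = ["alice", "bob"]
IDS = ["1001", "1002"]


def sniper(base, payloads):
    """One payload set; one position changes per request, the rest keep their base value."""
    return [tuple(p if j == i else b for j, b in enumerate(base))
            for i in range(len(base)) for p in payloads]


def battering_ram(base, payloads):
    """One payload set; the same payload goes into every position of a request."""
    return [tuple(p for _ in base) for p in payloads]


def pitchfork(*payload_sets):
    """One set per position, stepped in parallel (related values); stops at the shortest set."""
    return list(zip(*payload_sets))


def cluster_bomb(*payload_sets):
    """One set per position; every combination is produced (iteration order not modelled)."""
    return list(product(*payload_sets))


if __name__ == "__main__":
    runs = [
        ("sniper", sniper(BASE, USERS)),
        ("battering ram", battering_ram(BASE, USERS)),
        ("pitchfork", pitchfork(USERS, IDS)),
        ("cluster bomb", cluster_bomb(USERS, IDS)),
    ]
    for name, rows in runs:
        print(f"{name:13} {len(rows)} requests: {rows}")
```

The request counts grow as positions × payloads for sniper, payloads for battering ram, the shortest set's length for pitchfork, and the product of all set sizes for cluster bomb, which is the volume a rate limit or lockout policy on the tested endpoint has to absorb.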