Burp Intruder has a range of functions to help you to systematically examine a large number of results, and understand where different kinds of interesting requests appear.
You can sort the results quickly identify anomalous items, for example an item with HTTP status code or response length that differs from the remaining results.
To sort the table's contents, click on any column header. You can cycle through ascending, descending, and unsorted.
To copy the contents of a column, control-click the header. This enables you to extract an aspect of the results for further analysis.
The display filter enables you to hide results from view. This makes it easier to work on the content you are interested in. The current display filter is described in the filter bar above the results table. Click this to open the Filter settings window.
In the Filter settings window you can:
Filter by search term - Show or hide responses containing a specified term. You have the following options:
The filters only control what is displayed. If you hide items, they are not deleted: they reappear if you reset the filter.
You can add comments and highlights to results. This enables you to flag interesting results for further investigation.
To highlight a result:
To add a comment:
You can perform further actions on any results item to drive your testing workflow. For more information, see Intruder testing workflow.