Fuzzing inside a GET request has come up for me multiple times, so I wanted to throw together a quick tool tip. For in-depth coverage of web application pentesting with Burp Suite there are some great resources out there, including the Burp Suite Documentation and the @primalsec article Web Hacking with Burp Suite. Here I will cover how to fuzz for XSS with Burp Suite in a simple way.
The first thing you're going to want to do is enable your Burp proxy and make a request for the page that you think contains XSS in the GET request (see below):
Next you're going to want to send this to Intruder by right-clicking and choosing Send to Intruder. You could also do manual testing by sending it to Repeater:
After this, navigate to the Intruder tab:
In this case Burp Suite has chosen the correct position. You do, however, have the option of choosing multiple positions. In this case we are choosing the Sniper option, which uses a single set of payloads. After this we need to set our payload. For this example I chose xss-rsnake fuzz from fuzzdb. I would recommend downloading the entire fuzzdb, but for this example I simply copied the list and pasted it into Payload Options [Simple list]:
To start the attack once all of the options are set, choose Intruder and then Start attack:
In the free version of Burp Suite the attack will be throttled, so I would strongly consider paying for the Pro version for any serious web application pentesting. After your attack is finished, review your results for XSS and profit:
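For the review step, a reflected payload only matters if it comes back unencoded. The following is an added example, not part of the original post: a small Python triage over (payload, response body) pairs that separates raw reflections from HTML-encoded ones. The function names and the sample responses are constructed for illustration.

```python
import html

# Constructed sample data: (payload sent, response body returned), standing in
# for the request/response pairs read off the Intruder results table.
SAMPLE_RESULTS = [
    ('<b>probe1</b>', '<p>You searched for <b>probe1</b></p>'),
    ('"><i>probe2</i>', '<input value="&quot;&gt;&lt;i&gt;probe2&lt;/i&gt;">'),
    ("'probe3", "<p>You searched for &#39;probe3</p>"),
    ('probe4', '<p>You searched for probe4</p>'),
    ('<u>probe5</u>', '<p>No results</p>'),
    ('"><i>probe6</i>', '<input value=""&gt;&lt;i&gt;probe6&lt;/i&gt;">'),
]


def classify_reflection(payload, body):
    """Classify how a payload came back: raw, encoded, partial, absent, inconclusive."""
    full = html.escape(payload, quote=True)  # encodes & < > " '
    if full == payload:
        # No HTML metacharacters, so a reflection says nothing about encoding.
        return "inconclusive"
    if payload in body:
        return "raw"
    # html.escape writes ' as &#x27;; many frameworks emit &#39; instead.
    if full in body or full.replace("&#x27;", "&#39;") in body:
        return "encoded"
    # Angle brackets encoded but quotes left alone: still risky inside attributes.
    if html.escape(payload, quote=False) in body:
        return "partial"
    return "absent"


def needs_manual_review(results):
    """Payloads worth confirming by hand in Repeater or a browser."""
    return [p for p, body in results
            if classify_reflection(p, body) in ("raw", "partial")]


if __name__ == "__main__":
    for payload, body in SAMPLE_RESULTS:
        print(f"{classify_reflection(payload, body):13} {payload}")
```

A "raw" or "partial" result is a lead, not a finding: whether it executes depends on where in the page the value lands, so confirm it manually.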