Problem Statement
How would you responsibly use Burp Intruder during an interview-style exercise to test login throttling without harming users?
Explanation
Agree on a test account and a very small wordlist, and run it slowly. Set long delays between attempts and a tight cap on the total number of requests. Watch responses for lockouts, CAPTCHAs, or error messages. Stop at the first sign of impact.
Burp Intruder automates customized attacks, but you control speed and scope. Pair this with clear authorization and logging to keep the test safe.
Code Solution
Intruder → Sniper/Grep-Match → rate limit 1 req per sec → max 20 attempts on test_user
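An added example (not part of the original solution, and not a Burp feature): a Python check run over a results log from the exercise, confirming the run stayed within the agreed 1 request per second and 20 attempt limits and reporting the first throttling signal. The row fields, signal patterns and sample rows are assumptions constructed for illustration.

```python
import re

# Limits taken from the solution line above: 1 request per second, 20 attempts maximum.
MAX_ATTEMPTS = 20
MIN_GAP_SECONDS = 1.0

# Assumed throttling signals; adjust the patterns to the application's real responses.
SIGNALS = [
    ("rate_limited", lambda r: r["status"] == 429),
    ("lockout", lambda r: re.search(r"locked|too many attempts", r["body"], re.I)),
    ("captcha", lambda r: re.search(r"captcha", r["body"], re.I)),
]


def review_run(rows):
    """Check rows (dicts with t in seconds, status, body; in send order) against the limits."""
    report = {"attempts": len(rows), "violations": [], "first_signal": None}
    if len(rows) > MAX_ATTEMPTS:
        report["violations"].append(f"{len(rows)} attempts exceeds cap of {MAX_ATTEMPTS}")
    for i in range(1, len(rows)):
        gap = rows[i]["t"] - rows[i - 1]["t"]
        if gap < MIN_GAP_SECONDS:
            report["violations"].append(f"attempt {i + 1} sent {gap:.2f}s after previous")
    for i, row in enumerate(rows, start=1):
        hit = next((name for name, test in SIGNALS if test(row)), None)
        if hit:
            report["first_signal"] = (i, hit)
            # Anything sent after the first signal means the run did not stop in time.
            if i < len(rows):
                report["violations"].append(f"{len(rows) - i} attempts sent after {hit} at attempt {i}")
            break
    return report


# Constructed sample: four failed logins, then the application starts throttling.
SAMPLE = [
    {"t": 0.0, "status": 200, "body": "Invalid username or password"},
    {"t": 1.2, "status": 200, "body": "Invalid username or password"},
    {"t": 2.4, "status": 200, "body": "Invalid username or password"},
    {"t": 3.1, "status": 200, "body": "Invalid username or password"},
    {"t": 4.3, "status": 429, "body": "Too many attempts, try again later"},
    {"t": 5.5, "status": 429, "body": "Too many attempts, try again later"},
]

if __name__ == "__main__":
    print(review_run(SAMPLE))
```

On the constructed sample the report flags the 0.70 s gap before attempt 4 and the one request sent after throttling began at attempt 5.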
