HTTP Anomaly Rank - a new Turbo Intruder feature | PortSwigger | YouTubeToText
Summary
Core Theme
Turbo Intruder has introduced a new "anomaly rank" feature that leverages a local AI-free algorithm to automatically identify and surface the most unique and interesting responses from large-scale brute-force attacks, significantly reducing manual analysis time.
Hey, this is James Kettle from
PortSwigger and I just wanted to show off
a cool new feature that I've just added
to Turbo Intruder. So, in this window
here, you can see I've run a folder
brute force attack on portswigger.net
and we've sent a few thousand requests.
So the challenge now is to find the
interesting results like what files has
it found, what folders, what other kind
of weird behavior and maybe like
front-end server mappings have we got?
Maybe there's different backend servers,
maybe there aren't. Maybe there's some
interesting cache rules only on certain
parts. This is all stuff that I'd love
to find in this table, but doing this
manually can be quite painful because
there's a whole lot of responses here.
There's 3,000, right? And the classic
approach to doing this is to sort by one
column like maybe the length and then
kind of scroll through and then sort by
a different column and so on. But this
approach is labor intensive and takes
ages. So I've just added a super cool
new feature called anomaly rank. What
this does is it uses a local AI-free
algorithm to calculate and rank every
single response for how unique that
response is, how anomalous it is. So the
higher the score, the uh the more
anomalous it is. So if we hit that, we
can instantly see now we've got all the
interesting things at the top of our
table. And the cool thing is this
algorithm can spot some really subtle
and interesting things. Uh it is just it
just has this kind of knack for finding
valuable stuff such as the fact that we
can immediately see here if you hit /
404 uh then you get a 200 status code
which is quite weird. Uh and once again
if you hit / error you also get a 200.
And there's there's a whole bunch of
really interesting things here. Uh, I'd
encourage you to give it a go for
yourself on one of your websites. Uh, it
can spot things like all the different
types of 404 pages and it just flags
them. And basically, when you run an
attack like this, the rare stuff is the
interesting stuff. That's the stuff that
you want to manually look at. And this
just saves you a bunch of pain in
finding those things.
Also, this algorithm happens to be
really good for AI because if you give
an AI 2 or 3,000 HTTP responses, that's
going to blow up the context window and
it won't manage to do anything useful
with that whatsoever. Whereas, with
this, you just give it the top 20 uh
results as dictated per the anomaly rank
and great, now it's got something that
it can actually cope with and it can
just focus at looking at the interesting
stuff. So yeah, I hope you find this
useful. Turbo Intruder will actually now
sort by this column by default when the
attack finishes to reduce the amount of
interaction you have to to do as you can
see here. Uh but if you don't like that,
that's fair enough. I understand that.
So in the code, you can use table set
order and then it will automatically
sort by any column that you'd rather it
used. Uh hope that's useful. Let me know