
How to automate SQL Injection attacks using Burp Suite Intruder
SQL injection attacks allow attackers to spoof identity, tamper with existing data, cause repudiation issues such as voiding transactions or changing balances, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server.
SQL injection is a common and dangerous vulnerability that allows attackers to manipulate a website's database through maliciously crafted input. Automating these attacks saves time and increases efficiency, especially when testing for multiple vulnerabilities across large applications. One powerful tool for this is Burp Suite's Intruder, which lets you send a list of test patterns against a chosen parameter systematically. In this guide, we'll explore how to use Burp Suite Intruder to carry out SQL injection testing, from setup to execution, so you can uncover and exploit vulnerabilities with precision and speed.
Steps
1. Open Burp Suite, open the Proxy tab and click Open browser.
2. Navigate to the following URL: https://demo.testfire.net
3. Click on "Sign in" and use admin/admin as the login credentials.
4. Go to the Proxy tab in Burp Suite and click the HTTP history tab.
5. Select the /doLogin request, right-click it and select Send to Intruder.
6. Open the Intruder tab, select the uid value as shown in the screenshot and press "Add §"; this marks the placeholder that the test values will be inserted into.
7. Navigate to the Payload Box GitHub repo and copy the test patterns as shown in the screenshot: https://github.com/payloadbox/sql-injection-payload-list
8. Open the Payloads tab and paste the copied test patterns as shown below.
9. Press Start attack to begin the attack.
10. In the pop-up window you can see the attack patterns, the response codes and the actual response for each request.
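As an added example that is not part of the original post, here is the same procedure seen from the server side: a small Python detector that reads a constructed application request log and flags a client that sends a burst of injection-shaped bodies to /doLogin, which is what an Intruder run against the uid placeholder looks like to a defender. The log format, the sample lines and the client addresses are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import parse_qs

# Constructed sample lines from a hypothetical app/WAF request log that records
# the POST body (plain access logs do not). Columns: time client method path body status
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 203.0.113.5 POST /doLogin uid=admin&passw=admin 302
2024-05-01T10:00:02Z 203.0.113.5 POST /doLogin uid=admin%27+OR+%271%27%3D%271&passw=x 200
2024-05-01T10:00:02Z 203.0.113.5 POST /doLogin uid=admin%27--&passw=x 200
2024-05-01T10:00:03Z 203.0.113.5 POST /doLogin uid=admin%27+UNION+SELECT+1%2C2--&passw=x 500
2024-05-01T10:00:03Z 203.0.113.5 POST /doLogin uid=%27%29+OR+%28%271%27%3D%271&passw=x 200
2024-05-01T10:00:04Z 203.0.113.5 POST /doLogin uid=admin%22+OR+1%3D1%23&passw=x 200
2024-05-01T10:06:00Z 198.51.100.7 POST /doLogin uid=o%27brien&passw=hunter2 302
"""

# Shapes common in the payloadbox list: quote/paren + boolean tautology, UNION SELECT,
# comment terminators, stacked statements. A lone apostrophe (o'brien) is deliberately
# not enough; relax the comment rule if legitimate input contains '#'.
SQLI_PATTERNS = [
    re.compile(r"""['")]\s*(or|and)\s+\S""", re.I),
    re.compile(r"union\s+(all\s+)?select", re.I),
    re.compile(r"(--|#|/\*)"),
    re.compile(r";\s*(drop|insert|update|delete|exec)\b", re.I),
]

def looks_like_sqli(value: str) -> bool:
    return any(p.search(value) for p in SQLI_PATTERNS)

def parse_line(line: str) -> dict:
    ts, ip, method, path, body, status = line.split()
    return {"ts": datetime.fromisoformat(ts.replace("Z", "+00:00")), "ip": ip, "path": path,
            "params": {k: v[0] for k, v in parse_qs(body).items()}, "status": int(status)}

def detect_intruder_runs(log_text: str, window_s: int = 60, threshold: int = 3) -> dict:
    """Flag clients that send >= threshold injection-shaped /doLogin bodies within window_s."""
    hits = defaultdict(list)
    for rec in map(parse_line, log_text.splitlines()):
        if rec["path"] == "/doLogin" and any(map(looks_like_sqli, rec["params"].values())):
            hits[rec["ip"]].append(rec)
    findings = {}
    for ip, recs in hits.items():
        recs.sort(key=lambda r: r["ts"])
        for i, start in enumerate(recs):  # sliding window anchored at each suspicious hit
            burst = [r for r in recs[i:] if r["ts"] - start["ts"] <= timedelta(seconds=window_s)]
            if len(burst) >= threshold:
                findings[ip] = {"requests": len(recs), "statuses": sorted({r["status"] for r in recs}),
                                "first": recs[0]["ts"].isoformat(), "last": recs[-1]["ts"].isoformat()}
                break
    return findings
```

The mix of status codes per flagged client (here 200 and 500) is the same signal the Intruder results window gives the tester, so it is worth keeping in the alert for triage.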

That's all for today; I hope you find it useful.
Please share your tips, experience, comments, and questions for further enriching this topic of discussion.