This extension provides a way to use file contents and filenames as Intruder payloads.

Usage:

• Load the extension. A new tab called PayloadTab should appear.
• In the PayloadTab, choose the payload folder. The extension reads all files recursively and lists them.
• In the payloads tab of the Intruder tool:
  • At Payload Sets -> Payload Type, select Extension-generated.
  • At Payload Options, select File as Payload or Filename as Payload.
    • If you just need to use the file contents as payload, select File as Payload.
    • If you need both the content and filename then choose Pitchfork as the Attack type and use File as Payload for one Payload set and Filename as Payload for the other.
  • At Payloads -> Payload Encoding, disable the "URL-encode these characters" option (specially for multipart POST requests).

Requires Java version 7.