Fuzzing is the process of sending invalid or unexpected data to a target application.
We fuzz an application when we want to see whether unexpected inputs
can break or crash it.
Fuzzing can be done manually or with a tool. In this blog we will learn how to perform fuzzing using the ZAP tool.
STEPS TO PERFORM FUZZING
- Turn on the proxy in your browser.
- Open the browser and hit the URL.
- Type into the field you want to fuzz and send the POST request to the server.
- Now go to the ZAP tool and find the POST request that was sent (you can see it in the Request section of the tool).
- Select the character you entered on the page earlier, right-click on it and select Fuzz from the displayed options.
- When you click on Fuzz, another window named Fuzzer will open. Now click on the Payloads button.
- A window named Payloads will open. Click on the Add button.
- When you click on the Add button, the Add Payload window will open. Click on the drop-down and select the File Fuzzers option.
- As soon as you click on the File Fuzzers option, various file options will be displayed. Check Recursive Fuzzers, Replacive Fuzzers or Zero Fuzzers and click on the Add button.
- Clicking the Add button takes you back to the Payloads window. Now click on the OK button.
- This takes you back to the Fuzzer window. Click on the Start Fuzzer button to start fuzzing.
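
The substitution a fuzzer performs on the value selected in the steps above, as an added Python sketch (not ZAP's own code and not from the original post): each payload replaces the field value in the captured POST request and Content-Length is recomputed so the body is still read in full. The request, the `username` parameter, the payload list and all function names are constructed for illustration.

```python
import re

# Constructed sample of a captured POST request, as it would appear in a proxy's Request view.
RAW_REQUEST = (
    "POST /login HTTP/1.1\r\n"
    "Host: app.example.test\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 27\r\n"
    "\r\n"
    "username=a&password=secret1"
)

# Constructed "unexpected input" values standing in for a payload file.
PAYLOADS = ["", "A" * 1024, "-1", "ünïcode"]


def locate(raw, param):
    """Return (start, end) offsets of the value of form field `param` in the body."""
    head, sep, body = raw.partition("\r\n\r\n")
    # Anchor on the parameter name so a letter inside another field name is not matched.
    match = re.search(r"(?:^|&)" + re.escape(param) + r"=([^&]*)", body)
    if match is None:
        raise ValueError(f"parameter {param!r} not found in request body")
    offset = len(head) + len(sep)
    return offset + match.start(1), offset + match.end(1)


def substitute(raw, span, payload):
    """Replace the marked span with one payload and fix Content-Length (in bytes)."""
    start, end = span
    fuzzed = raw[:start] + payload + raw[end:]
    head, sep, body = fuzzed.partition("\r\n\r\n")
    length = len(body.encode("utf-8"))
    # [^\r\n]* keeps the CRLF line ending intact when the header is rewritten.
    head = re.sub(r"(?im)^Content-Length:[^\r\n]*", f"Content-Length: {length}", head)
    return head + sep + body


def fuzz(raw, param, payloads):
    """Build one request per payload; the original request is left untouched."""
    span = locate(raw, param)
    return [substitute(raw, span, p) for p in payloads]


if __name__ == "__main__":
    for request in fuzz(RAW_REQUEST, "username", PAYLOADS):
        print(request.split("\r\n\r\n", 1)[1][:60])
```
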