This allows you to select the payload generators to use when fuzzing a request.
Payload generators generate the raw attacks that the fuzzer submits to the target application.
The following types of generators are provided by default:
Empty/Null - generates the selected payload multiple times, leaving the message without changes. This payload generator is useful to send multiple messages that are later processed, for example, with a Fuzzer HTTP Processor (Script).
File - select any local file for one off attacks
File Fuzzers - select any combination of the fuzzing files registered with ZAP, e.g. via add-ons like fuzzdb
Numberzz - allows to easily generate a sequence of numbers, with custom increment
Regex - generate attacks based on regex patterns
Strings - raw strings, which can be entered manually or pasted in
Script - custom scripts that can generate any payloads required
Json - generate attacks by fuzzing the provided json
You can write custom payload generator scripts - these can supply any payloads that you need.
Add-ons can also define additional payload generators.
The 'Processors...' button launches the Payload Processors dialog which allows you to
configure payload processors that just apply to the palyload generator you have selected.