Fuzzing
Fuzzing is a technique of submitting lots of data to a target (often in the form of invalid or unexpected inputs).
ZAP allows you to fuzz any request using:
- A built-in set of payloads
- Payloads defined by optional add-ons
- Custom scripts
To access the Fuzzer dialog you can either:
- Right-click a request in one of the ZAP tabs (such as History or Sites) and select "Attack / Fuzz..."
- Highlight a string in the Request tab, right-click it and select "Fuzz..."
- Select the "Tools / Fuzz..." menu item and then select the request you want to fuzz
Payload Generators
Payload Generators generate the raw values or attacks that the fuzzer submits to the target application.
They are managed through the Payloads dialog.
Payload Processors
Payload Processors can be used to change specific payloads before they are submitted.
They are managed through the Payload Processors dialog.
Fuzz Location Processors
Fuzz Location Processors can be used to change all of the payloads before they are submitted.
They are managed through the Location Processors dialog.
Message Processors
Message Processors can access and change the messages being fuzzed, control the fuzzing process, and interact with the ZAP UI.
They are managed through the Fuzzer dialog's 'Message Processors' tab.
Some of this functionality is based on code from the OWASP JBroFuzz project and includes files from the fuzzdb project.
Note that some fuzzdb files have been left out as they cause common anti-virus scanners to flag them as containing viruses.
You can replace them (and upgrade fuzzdb) by downloading the latest version of fuzzdb and expanding it in the 'fuzzers' library.
See also