Fuzzing
Fuzzing means injecting data into a target to study how it reacts. A keyword "FUZZ" marks the injection point and is replaced with a word from a wordlist. It can be used to easily inject words into a URL, a form, or basically anything.
- Guessing a subdomain? FUZZ.example.com
- Forced browsing? example.com/FUZZ
- Find Insecure Direct Object References? example.com?id=FUZZ
- Find Hidden Parameters? example.com?FUZZ=xxx
- Find Virtual Hosts: example.com and Host: FUZZ.example.com
- ...
FUZZ will be replaced with the values in the wordlist, one by one.
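Because only the FUZZ position changes between requests, the pattern is easy to recognise in server logs. The sketch below is an added example, not code from the original page or from any fuzzing tool: it takes constructed log records and recovers the template a client appears to be iterating over. The record layout (client, Host header, request target), the function names and the `min_values` threshold are assumptions.

```python
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

def tokens(host, target):
    """Split one request into labelled positions a FUZZ keyword could occupy."""
    parts = urlsplit(target)
    toks = [("host", label) for label in host.lower().split(".")]
    toks += [("path", seg) for seg in parts.path.split("/") if seg]
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        toks += [("param-name", name), ("param-value", value)]
    return toks

def render(toks):
    """Rebuild host/path?query text in the notation used on this page."""
    host = ".".join(v for k, v in toks if k == "host")
    path = "".join("/" + v for k, v in toks if k == "path")
    names = [v for k, v in toks if k == "param-name"]
    values = [v for k, v in toks if k == "param-value"]
    query = "&".join(f"{n}={v}" for n, v in zip(names, values))
    return host + path + ("?" + query if query else "")

def find_fuzz_templates(records, min_values=5):
    """Return (client, template, distinct_values) where exactly one position varies."""
    groups = defaultdict(list)
    for client, host, target in records:
        toks = tokens(host, target)
        # Same client + same request shape = candidates for one template.
        groups[(client, tuple(kind for kind, _ in toks))].append(toks)
    findings = []
    for (client, _shape), reqs in groups.items():
        columns = list(zip(*reqs))  # one column per position
        varying = [i for i, col in enumerate(columns) if len({v for _, v in col}) > 1]
        if len(varying) != 1:
            continue  # nothing varies, or several do: not a single-FUZZ pattern
        seen = {v for _, v in columns[varying[0]]}
        if len(seen) >= min_values:
            toks = list(reqs[0])
            toks[varying[0]] = (toks[varying[0]][0], "FUZZ")
            findings.append((client, render(toks), len(seen)))
    return findings

# Constructed sample records (documentation IP ranges), not real traffic.
SAMPLE = (
    [("198.51.100.7", "example.com", "/" + w) for w in ("admin", "backup", "config", "old", "test")]
    + [("198.51.100.8", "example.com", f"/?id={n}") for n in range(1, 6)]
    + [("198.51.100.9", w + ".example.com", "/") for w in ("dev", "staging", "mail", "vpn", "test")]
    + [("192.0.2.10", "example.com", t) for t in ("/index.html", "/about", "/?id=3")]
)

if __name__ == "__main__":
    for finding in find_fuzz_templates(SAMPLE):
        print(finding)
```
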
To-do
Stuff that I found but haven't read/used yet.
- fuzzingbook (software testing)