Fuzzing is a technique of submitting lots of invalid or unexpected data to a target.
ZAP allows you to fuzz any request still using a built in set of payloads.
To fuzz a request string:
Fuzzing is configured using the Options Fuzzing screen. Additional fuzzing files can be added via this screen or can be put manually into the "fuzzers" directory where ZAP was installed - they will then become available after restarting ZAP.
This functionality is based on code from the OWASP JBroFuzz project and includes files from the fuzzdb project.
Note that some fuzzdb files have been left out as they cause common anti virus scanners to flag them as containing viruses.
You can replace them (and upgrade fuzzdb) by downloading the latest version of fuzzdb and expanding it in the 'fuzzers' library.
UI Overview | for an overview of the user interface | |
Features | provided by ZAP |