The Fuzzer tab shows you the requests and responses performed when you fuzz
a string.
Selecting a row shows the full request and response.
You can also search for strings in the fuzz results using the Search tab.
HTTP Fuzzer results
The results have to be assessed manually to determine whether any vulnerability was found.
Meaning of the values in the "State" column:
"Successful" - the message was successfully sent and a response received;
"Error" - an error occurred while creating or sending/receiving the message
(for example: malformed HTTP message, timeout while reading the response);
"Reflected" - the injected fuzz string (the value of the "Fuzz" column) was found in
the response body.
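To make the three "State" values concrete, here is a small classifier that applies the rules above to a few constructed fuzz rows. It is an added example, not ZAP's own code, and it assumes the "Reflected" check is a plain substring match of the fuzz string against the response body (an assumption based on this help text, not on ZAP's source); the HTML-encoded echo in the sample shows why rows still need a manual look.

```python
"""Classify fuzz results the way the ZAP HTTP Fuzzer "State" column does.

Added example, not ZAP's own code. Assumes (from the help text, not ZAP's
source) that "Reflected" means the raw fuzz string occurs verbatim in the
response body.
"""
from dataclasses import dataclass
from typing import List, Optional

SUCCESSFUL = "Successful"
ERROR = "Error"
REFLECTED = "Reflected"


@dataclass
class FuzzResult:
    fuzz: str                    # value of the "Fuzz" column
    body: Optional[str]          # response body, None if nothing was received
    error: Optional[str] = None  # set when creating/sending/receiving failed


def classify(result: FuzzResult) -> str:
    """Return the "State" value for one fuzzer row."""
    if result.error is not None or result.body is None:
        # malformed message, read timeout, connection failure, ...
        return ERROR
    if result.fuzz and result.fuzz in result.body:
        # The fuzz string came back unmodified. This only says the input is
        # echoed; whether that matters is for the manual assessment.
        return REFLECTED
    return SUCCESSFUL


def reflected_rows(results: List[FuzzResult]) -> List[FuzzResult]:
    """Rows to examine first: those whose fuzz string came back verbatim."""
    return [r for r in results if classify(r) == REFLECTED]


# Constructed sample rows (not real fuzzer output).
SAMPLE = [
    FuzzResult(fuzz="abc123", body="<p>You searched for abc123</p>"),
    # HTML-encoded echo: the raw string is not in the body, so not "Reflected"
    FuzzResult(fuzz="<b>x</b>", body="<p>You searched for &lt;b&gt;x&lt;/b&gt;</p>"),
    FuzzResult(fuzz="abc123", body=None, error="read timed out"),
    FuzzResult(fuzz="zzz", body="<p>No results</p>"),
]

if __name__ == "__main__":
    for r in SAMPLE:
        print(f"{classify(r):<10} {r.fuzz}")
```

Note that an encoded echo is classified "Successful" under this rule, so a plain "Successful" row can still be worth reading when the body is searched with the Search tab.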
Right click menu
Right clicking on a row will bring up a menu which will allow you to:
Exclude from
This menu has the following submenus:
Proxy
This will exclude the selected nodes from the proxy. They will still be proxied via ZAP but will not be shown in any of the tabs.
This can be used to ignore URLs that you know are not relevant to the system you are currently testing.
The nodes can be included again via the Session Properties dialog.
Scanner
This will prevent the selected nodes from being actively scanned.
The nodes can be included again via the Session Properties dialog.
Spider
This will prevent the selected nodes from being spidered.
The nodes can be included again via the Session Properties dialog.
Resend...
This will bring up the Resend dialog, which allows you to resend the request after making any changes to it that you want to.
Add Alert...
This will bring up the Add Alert dialog, which allows you to manually record a new alert against this request.
Show in Browser
This will open the URL of the selected node in your default browser.