Fuzzing

Fuzzing is a technique of submitting lots of invalid or unexpected data to a target.

ZAP allows you to fuzz any request, including with the built-in payloads.
To fuzz the content of a request:

You can also search for strings in the fuzz results using the Search tab.

Fuzzing is configured using the Options Fuzzing screen. Additional fuzzing files can be added via this screen or can be put manually into the "fuzzers" directory where ZAP was installed - they will then become available after restarting ZAP.

This functionality is based on code from the OWASP JBroFuzz project and includes files from the fuzzdb project.
Note that some fuzzdb files have been left out because common anti-virus scanners flag them as containing viruses.
You can replace them (and upgrade fuzzdb) by downloading the latest version of fuzzdb and expanding it in the 'fuzzers' library.

See also

     UI Overview for an overview of the user interface
     Features provided by ZAP