-
Notifications
You must be signed in to change notification settings - Fork 13
/
README
1 lines (1 loc) · 975 Bytes
/
README
1
A simple random HTTP fuzzer. This plugin adds ActiveScan checks that fuzz the HTTP request. Using this fuzzer with any standard HTTP server (Apache, Nginx, etc.) is usually useless, but can be fun. It can be used to see the different error conditions a server and the web application code can run into. However, if you are targeting an embedded device HTTP server or anything more exotic you might be more lucky. The plugin does not do any checks and doesn't add any issues. It is recommended to install the Collect500, ResponseClusterer, Logger++ and Error Message Checks plugin to get additional checks. Additionally it is recommended to attach a debugger to the target program on the server (or use strace or another tool of your choice). In it's default configuration the plugin will not do anything, as it is not considered efficient to fuzz every actively scanned request. You need to specify a higher value for the number of tests in the options tab to enable fuzzing.