FUZZ in work
Yesterday, I used FUZZ for the first time in my work. It's so cool, I have decided to write a blog about it.
What is FUZZ?
Fuzz or fuzzing is a technique used in computer programming and software testing. It involves providing invalid, unexpected, or random data as input to a program or system in order to identify vulnerabilities, bugs, or abnormal behavior.
FUZZ in work
Yesterday, while testing a system, I discovered many paths using a browser plugin that called FindSomething. 
So I use these paths to test the system by yakit, and select the paths with 200 of status code. 
Among these paths, I discovered a registration API that returns some error codes. 
So I use FUZZ to test this API.
Based on testing experience, APIs like this one are usually accessed using POST requests. Therefore, I started fuzzing the parameters using POST.I guess the registration API is the same as login API format. 
The fuzz dict is from https://github.com/TheKingOfDuck/fuzzDicts.
However, after fuzzing, I couldn't find the first parameter.The GET requests maybe tested.
I'm happy when I find a response packet that is different from the others after using GET to test this API. 
Following the same approach, I got a complete request packet. 
This is my first fuzzing result.It's so cool.
《FUZZ in work》链接:https://xdym11235.com/archives/304.html
具体版权规定详见侧栏版权说明页面
Woooooooooooooooooooooooooooooooo!!!!!!!!!!
bro,you got it!!!It's so cool!!!