FUZZ in work
Yesterday, I used FUZZ for the first time in my work. It's so cool, I have decided to write a blog about it.
What is FUZZ?
fuzzing is a technique used in computer programming and software testing. It involves providing invalid, unexpected, or random data as input to a program or system in order to identify vulnerabilities, bugs, or abnormal behavior.
FUZZ in work
Yesterday, while testing a system, I discovered many paths using a browser plugin that called
So I use these paths to test the system by yakit, and select the paths with
200 of status code.
Among these paths, I discovered a registration API that returns some error codes.
So I use FUZZ to test this API.
Based on testing experience, APIs like this one are usually accessed using
POST requests. Therefore, I started fuzzing the parameters using
POST.I guess the registration API is the same as login API format.
The fuzz dict is from https://github.com/TheKingOfDuck/fuzzDicts.
However, after fuzzing, I couldn't find the first parameter.The
GET requests maybe tested.
I'm happy when I find a response packet that is different from the others after using
GET to test this API.
Following the same approach, I got a complete request packet.
This is my first fuzzing result.It's so cool.
《FUZZ in work》链接：https://xdym11235.com/archives/304.html