fuzzing.fuzzer¶

Fuzzing of a single HTTP request.

class asdfuzz.fuzzing.fuzzer.Fuzzer(request: Request, payloads: List[str], output_directory: Path, skip_current_shared: Value, delay: float = 0, fuzz_directories: bool = True, fuzz_parameters: bool = True, fuzz_cookies: bool = True, fuzz_form_data: bool = True, fuzz_json_data: bool = True, original_time: float | None = None, original_header_size: int | None = None, original_data_size: int | None = None)¶

Bases: object

Configurable fuzzer for a HTTP request request.

delay: float = 0¶: Delay between requests in seconds, excluding the duration of the request itself.

classmethod from_file(request: Request, filename: Path, output_directory: Path, fuzz_directories: bool, fuzz_parameters: bool, fuzz_cookies: bool, fuzz_form_data: bool, fuzz_json_data: bool, delay: float, skip_current_shared: Value) → Fuzzer¶: Loads payloads from a file filename and returns a Fuzzer object. Besides filename, from_file takes the same parameters as the Fuzzer class.

fuzz()¶: Execute fuzzing for a single original HTTP request.

fuzz_cookies: bool = True¶: Whether to fuzz cookies. Base64-encoded JSON data in cookies will be recursively traversed and every value will be fuzzed.

fuzz_directories: bool = True¶: Whether to fuzz directories in the URL.

fuzz_form_data: bool = True¶: Whether to fuzz form data.

fuzz_json_data: bool = True¶: Whether to fuzz JSON data. The JSON data will be recursively traversed and every value will be fuzzed. This parameter does not influence how JSON data in parameters or cookies is handled.

fuzz_parameters: bool = True¶: Whether to fuzz parameters in the URL. Base64-encoded JSON data in parameters will be recursively traversed and every value will be fuzzed.

original_data_size: int | None = None¶: Data size of the unmodified request in bytes.

original_header_size: int | None = None¶: Header size of the unmodified request in bytes.

original_time: float | None = None¶: Time in seconds of the unmodified request.

output_directory: Path¶: Folder where the performed HTTP requests and responses will be stored for reference.

payloads: List[str]¶: List of strings to be used for fuzzing.

request: Request¶: HTTP request to fuzz.

skip_current_shared: Value¶: multiprocessing.Value integer that will cause the rest of the fuzzing of the parameter/directory/cookie/… to be skipped. This parameter allows a section of the fuzzing to be skipped during runtime. This value can be asynchronously updated during runtime, and will be reset after the skipping has been performed. If this value is set to SKIP_CURRENT_SECTION, the current section will be skipped. If this value is set to DO_NOT_SKIP, the fuzzer will not skip.

fuzzing.fuzzer¶

asdfuzz

Navigation

Related Topics