Web application fuzzers

A fuzzer is a tool designed to inject random data into a web application. A web application fuzzer can be used to test for buffer overflow conditions, error handling issues, boundary checks, and parameter format checks. The result of a fuzzing test is to reveal vulnerabilities that cannot be identified by web application vulnerability scanners. Fuzzers follow a trial and error method and require patience while identifying flaws.

Burp Suite and WebScarab have a built-in fuzzer. Wfuzz is a one-click fuzzer available in Kali Linux. We will use all of these to test web applications in Chapter 10, Other Common Security Flaws in Web Applications.