A Burp Suite extension written in Python to perform basic validation fuzzing.
This plugin creates an Intruder payload generator that fuzzes based on the payload's type.
The engine attempts to run a series of tests for each type. It includes an interpolation technique that modifies strings containing numbers.
Extended Tests can be run to test for SQL Injection, XSS, and Command Injection.
This plugin works best when a Live Task is set up to audit Intruder requests.
- Add the extension into Extender
- Send a request to Intruder
- Apply the attack type of your choice
- Switch to the payloads tab
- Choose Extension-generated for the payload number you want to fuzz
- Click Select Generator
- Select Logical Fuzzing Engine
- Click Start Attack
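
The type-based tests and number interpolation described above can be sketched as follows. This is an added example, not the extension's own code: the function names, the type categories and the edge values are assumptions chosen for illustration, and it covers input-validation cases only.

```python
import re

# Edge values picked for this example (assumed; not the extension's own list).
INT_EDGES = [0, -1, 1, 2**31 - 1, 2**31, 2**63 - 1]
NUM_RE = re.compile(r"\d+")

def classify(value):
    """Guess the type of an Intruder payload position from its base value."""
    if re.fullmatch(r"-?\d+", value):
        return "integer"
    if value.lower() in ("true", "false"):
        return "boolean"
    if NUM_RE.search(value):
        return "string_with_number"
    return "string"

def _unique(candidates, original):
    """Drop duplicates and the unmodified value, keeping order."""
    seen, out = {original}, []
    for c in candidates:
        if c not in seen:
            seen.add(c)
            out.append(c)
    return out

def interpolate(value):
    """Mutate each embedded number in turn, leaving the surrounding text intact."""
    out = []
    for m in NUM_RE.finditer(value):
        n, width = int(m.group()), len(m.group())
        # Neighbouring values, zero, and one digit more than the field had.
        for repl in (n + 1, n - 1, 0, 10 ** width):
            out.append(value[:m.start()] + str(repl).zfill(width) + value[m.end():])
    return _unique(out, value)

def generate(value):
    """Return validation test payloads for one base value, chosen by type."""
    kind = classify(value)
    if kind == "integer":
        n = int(value)
        cands = [str(e) for e in INT_EDGES] + [str(n + 1), str(n - 1)]
    elif kind == "boolean":
        cands = ["false" if value.lower() == "true" else "true", "0", "1", ""]
    elif kind == "string_with_number":
        cands = interpolate(value) + [""]
    else:
        cands = ["", value * 2, value.swapcase(), "A" * 1024]
    return _unique(cands, value)

if __name__ == "__main__":
    for base in ("42", "true", "user007", "order-12-item-3"):
        print(base, classify(base), generate(base)[:4])
```

In a Burp payload generator, a function like the hypothetical `generate` would be called with the base value of the payload position, and each returned string would be handed out as the next payload.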