Fuzzing forms is one of the most efficient ways of finding web security bugs.
｢Formfuzz was specifically designed to fuzz-test any web application that expects form data.｣
◉ Fuzzing Forms
Forms are the default mechanism by which users communicate with web applications, and they therefore represent a significant security risk. XSS, SQL injection and LFI are common vulnerabilities found when testing web forms. The Scanner is an excellent tool for identifying these issues automatically. However, there are situations when a tester might prefer to use custom payloads in order to identify additional abnormal behaviour.
◉ Tool Usage
Formfuzz is intuitive and easy to use, just like the rest of the tools from the Suite. You start by defining a typical form request in the HTTP editor. Then you press the start button, which initiates the fuzzer. The purpose of the fuzzer is to create all possible combinations of unexpected input. If a vulnerability is encountered, it is automatically added to the report. More experienced users can use the transactions window to explore the behaviour of the web application in detail. The tool provides contextual help and other visual aids to help you spot abnormal behaviour.
✂ ✂ ✂
This app comes with a free trial. Trials will roll into a paid subscription if not canceled.