HelpAddonsFuzzPayloads
thc202 edited this page Apr 3, 2017 · 5 revisions
This allows you to select the payload generators to use when fuzzing a request.
Payload generators generate the raw attacks that the fuzzer submits to the target application.
The following types of generators are provided by default:
- File - select any local file for one-off attacks
- File Fuzzers - select any combination of the fuzzing files registered with ZAP, e.g. via add-ons like fuzzdb
- Regex - generate attacks based on regex patterns
- Strings - raw strings, which can be entered manually or pasted in
- Script - custom scripts that can generate any payloads required
You can write custom payload generator scripts - these can supply any payloads that you need.
Add-ons can also define additional payload generators.
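A custom payload generator script of the kind mentioned above, added here as an illustration and not taken from the ZAP help or code base. It emits boundary-length strings for checking a field's length validation, and it assumes the script type calls the functions `getNumberOfPayloads`, `hasNext`, `next`, `reset` and `close` (compare with the template shipped in your ZAP version); `FIELD_MAX`, `FILL_CHAR` and `boundaryLengths` are hypothetical names.

```javascript
// Added example: payload generator script producing boundary-length strings.
// Assumption: the field under test documents a maximum of 64 characters.
var FIELD_MAX = 64;   // hypothetical limit; set to the limit of your field
var FILL_CHAR = "A";  // harmless filler, so only the length varies

// Lengths just below, at and above each boundary of interest.
// Negative values and duplicates are dropped, the rest sorted ascending.
function boundaryLengths(max) {
    var raw = [0, 1, max - 1, max, max + 1, max * 2, 255, 256, 257];
    var seen = {};
    var out = [];
    for (var i = 0; i < raw.length; i++) {
        var n = raw[i];
        if (n >= 0 && !seen[n]) {
            seen[n] = true;
            out.push(n);
        }
    }
    out.sort(function (a, b) { return a - b; });
    return out;
}

var lengths = boundaryLengths(FIELD_MAX);
var index = 0;

// Total payload count, used by the fuzzer for progress reporting.
function getNumberOfPayloads() {
    return lengths.length;
}

// True while there are payloads left to hand out.
function hasNext() {
    return index < lengths.length;
}

// Returns the next payload: FILL_CHAR repeated lengths[index] times.
function next() {
    var len = lengths[index];
    index++;
    return new Array(len + 1).join(FILL_CHAR);
}

// Rewinds the generator so the same payloads can be replayed.
function reset() {
    index = 0;
}

// Nothing to release; the generator holds no files or connections.
function close() {}
```

Responses that differ between the `FIELD_MAX` and `FIELD_MAX + 1` payloads show where the application enforces the limit; identical responses for all lengths suggest the limit is not enforced server-side.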
The 'Processors...' button launches the Payload Processors dialog, which allows you to configure payload processors that apply only to the payload generator you have selected.
- Fuzzer dialog 'Add...' button
- Fuzzer concepts