Fuzzing
- class Fuzz(application, flow, fuzzing_point, flags=0)[source]
Fuzz an input.
- attack_authentication()[source]
Attacks a Flow defined in
_authentication
.Unlike
attack_function
, this will take into account the finite state machine defined in the hyfiles. This should be used when the authentication process can be altered by the fuzzing, for example if some token needs to be extracted again from a previous authentication step for fuzzing to work.It will first follow the authentication process until reaching the desired state, then it will try fuzzing it, and if a
NextStage
operation is encountered, it will follow the instruction and move to this stage, then continue fuzzing.- Return type
None
- attack_function()[source]
Attacks a flow defined in
_functions
.Fuzz blindly the Flow object. It doesn’t take into account the authentication process, so this function is useful for fuzzing stuff as an already authenticated user.
- property is_authentication: bool
Returns True if the IS_AUTHENTICATION flag is set.
- Return type
bool