Try Hack Me – Advent of Cyber 3 – Day 4 – Fuzzing

What is Fuzzing?

Fuzzing is an automated means of testing an element of a web application until the application reveals a vulnerability or valuable information. When fuzzing, we supply input just as we would when interacting with the application normally, only at a much faster rate. This lets us use extensive lists, known as wordlists, to test how a web application responds to a wide range of input.

For example, rather than testing a login form for a valid set of credentials one by one (which is exceptionally time-consuming), we can use a fuzzing tool to test hundreds of credentials against this login form at a much faster rate and more reliably.
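Seen from the defender's side, the fast, wordlist-driven login attempts described above stand out in request logs. The following is an added example (not from the original post or from TryHackMe) that flags such bursts; the log format, the IP addresses, the `/login` path and the 401/302 status convention are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def build_sample_log():
    """Constructed log lines (assumed format: time, client IP, method, path, status)."""
    start = datetime(2021, 12, 4, 10, 0, 0)
    rows = []
    # Client walking a wordlist: 30 requests, 200 ms apart, only the last succeeds.
    for i in range(30):
        rows.append((start + timedelta(milliseconds=200 * i), "10.0.0.66",
                     302 if i == 29 else 401))
    # Ordinary user: two typos over a minute, then a successful login.
    for offset, status in ((1, 401), (40, 401), (75, 302)):
        rows.append((start + timedelta(seconds=offset), "10.0.0.7", status))
    return [f"{ts.isoformat(timespec='milliseconds')} {ip} POST /login {status}"
            for ts, ip, status in sorted(rows)]

def detect_login_fuzzing(lines, max_failures=10, window=timedelta(seconds=10)):
    """Flag clients with more than max_failures failed logins inside the window.

    Returns {ip: {"peak": int, "success_after_burst": bool}}.
    Assumes 401 = failed login and 302 = successful login.
    """
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    flagged = {}
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue                # ignore malformed lines
        ts_raw, ip, method, path, status = parts
        if method != "POST" or path != "/login":
            continue
        ts = datetime.fromisoformat(ts_raw)
        if status == "401":
            q = failures[ip]
            q.append(ts)
            while ts - q[0] > window:
                q.popleft()         # drop failures older than the window
            if len(q) > max_failures:
                entry = flagged.setdefault(ip, {"peak": 0, "success_after_burst": False})
                entry["peak"] = max(entry["peak"], len(q))
        elif status == "302" and ip in flagged:
            # A success right after a flagged burst suggests a credential was found.
            flagged[ip]["success_after_burst"] = True
    return flagged

if __name__ == "__main__":
    for ip, info in detect_login_fuzzing(build_sample_log()).items():
        print(ip, info)
```

The `success_after_burst` flag is the part worth alerting on first: it marks a client whose burst of failures ended in a successful login.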

I fuzzed the separate password list provided by the THM team, as the community edition was extremely slow. Key learning was just getting to know Burp Suite better, not a frequent occurrence for a GRC guy. 🙂