Hello,
I'm new to fuzzing with Boofuzz, and I'm trying to figure out how to fuzz the basic "Authorization" HTTP header in a way that can be decoded and interpreted by the target web server. Here's some pseudocode for what I think I need to do:
b64encode(s_string("username") + s_static(":") + s_string("password"))
Is there a way to mutate the username/password fields, delimited by a static ":" separator, then base64 encode the whole thing and send it to the target?
Thanks!