Sniper fuzzer

[Asker]

Hello!
How to run a fuzzer with sequential payload parameters? Like sniper intruder on Burp Suite.
By default, in ZAP it works like a cluster bomb.

[thc...@gmail.com]

Hi.

Not out of the box (yet), you would have to use a Fuzzer HTTP Processor
script for that.
https://www.zaproxy.org/docs/desktop/addons/fuzzer/httpmessageprocessors/#fuzzer-http-processor-script

Best regards.

[Test Testov]

Thanks for quick answer.

How to add processor or script to customize fuzzer? On Docs page not enough information about ZAP options. And no one example.

вт, 18 июл. 2023 г. в 11:21, <thc...@gmail.com>:

--
You received this message because you are subscribed to the Google Groups "OWASP ZAP User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to zaproxy-user...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/zaproxy-users/25f4a110-733f-fdff-50d5-26dcb039b6a0%40gmail.com.

[thc...@gmail.com]

There are examples in:
https://github.com/zaproxy/community-scripts/tree/13031c7c6449671c913020dad4c0370dfcd28675/httpfuzzerprocessor

(The README also links to the key classes.)

Once the script is created you can add it in the Fuzzer > Messages
Processors tab (ensure you enable the script).


For general help about the scripts:
https://www.zaproxy.org/docs/desktop/addons/script-console/

Best regards.