Fuzzing¶
- class Fuzz(flow, fuzzing_point, fuzzing_function, flags=0)[source]¶
Fuzz an input.
- attack_authentication(authentication, user, config)[source]¶
Attacks a Flow defined in
_authentication
.Unlike
attack_function
, this will take into account the finite state machine defined in the hyfiles. This should be used when the authentication process can be altered by the fuzzing, for example if some token needs to be extracted again from a previous authentication step for fuzzing to work.It will first follow the authentication process until reaching the desired state, then it will try fuzzing it, and if a
NextStage
operation is encountered, it will follow the instruction and move to this stage, then continue fuzzing.- Parameters
authentication (
Authentication
) – AnAuthentication
object with the finite state machine definitions.user (
User
) – AUser
object with the user specific information.config (
Config
) – AConfig
object with global Raider configuration.
- Return type
None
- attack_function(user, config)[source]¶
Attacks a flow defined in
_functions
.Fuzz blindly the Flow object. It doesn’t take into account the authentication process, so this function is useful for fuzzing stuff as an already authenticated user.
- property is_authentication: bool¶
Returns True if the IS_AUTHENTICATION flag is set.
- Return type
bool