Fuzzing forms is one of the most efficient ways of finding web security bugs. FORMFuzz was specifically designed to fuzz-test any web application that expects form data in urlencoded format.
By subscribing to FORMFuzz you get the following awesome features:
- Full support for FORM fuzzing
- Fuzzing urlencoded and multipart forms
- Optional URL query and request headers fuzz stages
- Test web apps even behind the perimeter firewall
- Configurable fuzz payloads
- Share vulnerabilities with team members
- Exportable reports in HTML, CSV, XML and JSON
- Integration with 3rd-party tools
- Easy to use
- Always available
- Instantaneous updates
Forms are the default mechanism by which browsers communicate with web applications, and therefore they represent a significant security risk. XSS, SQL injection, and LFI (local file inclusion) are common vulnerabilities found when testing web forms. Although the Scanner is an excellent tool for identifying these issues automatically, there are situations when a tester may prefer to use custom payloads to identify additional abnormal behavior.