Fuzzer is a powerful request manipulation tool which allows you to find vulnerabilities using brute-force and fuzz-testing techniques. Using the built-in permutation generators, encoders and decoders, JWT token builders and other facilities you can quickly build advanced testing utilities to quickly discover vulnerabilities and identify bugs. It is useful for development as well as security research and vulnerability hunting.

It is easy to get started. Configure the request you would like to fuzz. You can start from scratch or by opening any request from the Capture tool. Set some dynamic generator, such as a counter, a list a dictionary and so on. You can get the complete list of field capabilities by clicking the drop-down arrow or by just typing to autocomplete.

Once the request is ready, select one of the available attack modes: permutate, blast and hammer. The permutate attack will simply iterate over all possible combinations. Blast will send the same request up to the defined number of iterations. The hammer attack will continuously send the request until stopped. The data is summarised in the transactions viewer.