Fuzzer

This guide explains how to use the Fuzzer tool to automate request fuzzing, analyze application behavior, and discover hidden functionality.

Why and when to use Fuzzer

Best for: Parameter testing, resource discovery, input validation analysis, and automated request variation testing.

The Fuzzer tool functions similarly to burp suite's intruder testing tool. It allows users to define one or more fuzzing positions within an HTTP request and automatically generate requests using configurable payloads.

The tool can send thousands of modified requests while monitoring responses for behavioral differences, making it useful for discovering hidden resources, undocumented parameters, valid identifiers, and unexpected application functionality.

Use when:

  • Testing request parameters
  • Enumerating identifiers
  • Discovering hidden files and directories
  • Testing API endpoints
  • Finding valid usernames or IDs
  • Discovering undocumented functionality
  • Analyzing application input validation
  • Comparing response behavior

Fuzzer Interface

Fuzzer interface

The Fuzzer interface consists of the following components:

Request Editor

The Request Editor allows users to create or modify HTTP requests.

Requests can be written manually or copied from:

  • Intercept
  • Request
  • Crawler
  • API Discovery
  • History Views

Fuzz Markers

Specific portions of a request can be marked as fuzzing positions.

Example:

GET /api/users?id=§123§ HTTP/1.1
Host: example.com

The value enclosed by markers becomes a fuzzing position.

During execution, payload values are substituted into the marked location.

Multiple markers can be defined within the same request.

Example:

POST /api/users/§USERID§ HTTP/1.1
Host: example.com
Content-Type: application/json

{
    "role":"§ROLE§"
}

Payload Configuration

The Payload Configuration dialog allows payloads and payload processors to be assigned to each fuzz marker.

Each marker can have independent payload settings.

Payload Types

The Fuzzer supports four payload types.

Simple List

Uses a manually defined list of payload values.

Common uses:

  • Username testing
  • Parameter enumeration
  • Resource discovery
  • API testing

Runtime File

Loads payloads from an external file during execution.

Benefits:

  • Supports very large wordlists
  • Dynamic payload updates
  • Reduced memory consumption

Common uses:

  • Directory fuzzing
  • Username wordlists
  • Identifier enumeration

Numbers

Automatically generates numeric payloads.

Configurable options include:

  • Start value
  • End value
  • Increment value
  • Padding length

Common uses:

  • User ID enumeration
  • Record discovery
  • Sequential identifier testing

Dates

Automatically generates date values.

Configurable options include:

  • Start date
  • End date
  • Date interval
  • Output format

Common uses:

  • Historical record discovery
  • Date filtering
  • Schedule testing
  • Report enumeration

Payload Processors

Payload processors modify payload values before they are inserted into requests.

Processors are configured independently for each marker.

Common operations include:

  • Prefixing values
  • Suffixing values
  • URL encoding
  • Base64 encoding
  • Case conversion
  • String formatting

Payload processors allow payloads to be transformed without modifying the original payload source.

Fuzzer Settings

The Configuration dialog allows control over request execution behavior.

Fuzzing Technique

Defines how requests are generated and processed.

Sequential

Processes requests one at a time.

Benefits:

  • Easier response analysis
  • Reduced server load
  • Better compatibility with stateful applications

Recommended for:

  • Authentication testing
  • Session-based applications
  • Rate-limited targets

Parallel

Processes multiple requests simultaneously.

Benefits:

  • Faster execution
  • High-volume testing
  • Efficient large-scale enumeration

Recommended for:

  • Resource discovery
  • API testing
  • Large payload sets

Follow Redirects

Automatically follows redirect responses.

Supported status codes include:

  • 301 Moved Permanently
  • 302 Found
  • 303 See Other
  • 307 Temporary Redirect
  • 308 Permanent Redirect

When disabled, redirect responses are returned directly.

Request Timeout

Defines the maximum amount of time SpiderSuite waits for a response.

Proxy Configuration

Routes requests through a configured proxy server.

Supported proxy types:

  • HTTP
  • HTTPS
  • SOCKS4
  • SOCKS5

Typical uses:

  • Traffic inspection
  • Request monitoring
  • Network debugging
  • External routing

Fuzzer Controls

Start

Begins the fuzzing session.

Payloads are generated and requests begin processing according to the selected fuzzing technique.

Pause

Temporarily suspends the fuzzing session.

No additional requests are sent while paused.

Resume

Continues a previously paused fuzzing session.

Stop

Immediately terminates the fuzzing operation.

Previously collected results remain available for analysis.

Results View

As requests are processed, responses are displayed in the Results View.

Each result includes:

  • Request number
  • Payload value
  • Status code
  • Response size
  • Response time
  • Content type

Results can be sorted and filtered to identify anomalies and interesting responses.

History View

Every fuzzing session is automatically recorded in the History View.

Stored information includes:

  • Session timestamp
  • Request template
  • Payload configuration
  • Fuzzing technique
  • Request count
  • Response count
  • Execution duration

Reopening Sessions

Previous fuzzing sessions can be reopened for review and analysis.

This allows users to:

  • Compare results
  • Continue testing
  • Reuse configurations
  • Investigate interesting responses

Fuzzing Workflow

1

Create or Paste a Request

Enter an HTTP request into the Request Editor.

2

Mark Fuzz Positions

Select portions of the request to be fuzzed.

3

Configure Payloads

Assign payload types and processors to each marker.

4

Configure Settings

Adjust fuzzing technique, redirects, timeout, and proxy settings.

5

Start Fuzzing

Click the Start button to begin execution.

6

Monitor Responses

Observe response codes, lengths, timings, and content differences.

7

Pause, Resume, or Stop

Control execution using the Fuzzer controls.

8

Review Results

Analyze responses and identify interesting findings.

Typical Workflow

1

Capture a request from Intercept or create one manually.

2

Mark parameters or values for fuzzing.

3

Assign payload sources.

4

Configure execution settings.

5

Run the fuzzing session.

6

Identify unusual responses and behavioral differences.

7

Send interesting results to the Request tool for manual investigation.

The Fuzzer tool integrates closely with Intercept, Request and Crawlers. Captured requests can be sent directly to the Fuzzer, enabling rapid testing of parameters, identifiers, files, endpoints, and application functionality.