This plugin tries to find new URL’s by changing the numbers that are present on it. Two configurable parameters exist:
An example will clarify what this plugin does, let’s suppose that the input for this plugin is:
This plugin will request:
If the response for the newly generated URL’s is not an 404 error, then the new URL is a valid one that can contain more information and injection points.
|fuzzImages||boolean||False||Apply URL fuzzing to all URLs, including images, videos, zip, etc.||It’s safe to leave this option as the default.|
|maxDigitSections||integer||4||Set the top number of sections to fuzz||It’s safe to leave this option as the default. For example, with maxDigitSections = 1, this string wont be fuzzed: abc123def234 ; but this one will abc23ldd.|
For more information about this plugin and the associated tests, there’s always the source code to understand exactly what’s under the hood:
Plugin source code
Unittest source code
This plugin has no dependencies.