BrowserBruter: A powerful web form fuzzing automation tool

by ddos ·

The Browser-Bruter

The Browser-Bruter is the first ever browser-based automated web pentesting tool for fuzzing web forms by controlling the browser it self. It automates the process of sending payloads to input fields of the browser and sends them to server. It completely bypasses the need of breaking the encryption to fuzz and insert payloads in BurpSuite scanner and intruder. After fuzzing it generates a comprehensive report including all the data and results of the pentest along with HTTP traffic, this report can be viewed by The Report-Explorer tool which comes with The Browser-Bruter.

fuzzing automation tool

What does it do?

The biggest advantage of using browser bruter for fuzzing the web application is that all of the fuzzing will take place at the browser level, so all of the attacks will be as they have been manually done by the user by typing payloads in the input fields of the web application on browser.

This approach –

  • Allows Pentester to fuzz the web application forms when the HTTP body (or part of the body) is encrypted making HTTP proxy tools like ZAP and BurpSuite or SQLMap unable to insert payloads in such traffic. Learn more here.

  • Creates a way to bypass captchas by allowing the pentester to manually perform the required human interactions and then proceed to payload insertions.

  • Can fuzz front-end when there is no HTTP traffic, for example when Input is utilized on the client side, i.e. when you want to brute force OTP input which is validated on the client side, so there is no HTTP Traffic.

  • Removes the burden of session management, auth handling, and other micro management like CSRF handling while using HTTP proxy tools.

Features

Install & Use

Copyright (C) 2024 netsquare

Tags: BurpSuitefuzzing automation toolHTTP traffic