Fuzzing various elements of HTML
The BrowserBruter is capable of fuzzing various elements of HTML disregarding their types.
Here, we have following sample web page with text, radio button, check box, calendar, time picker, color picker, select and text area and hidden field.
Please find below syntax to fuzz each element of above page by specifying their ids.
python3 BrowserBruter.py --elements _csrf,data,yesno,hobbies,phone,calendar,time,color,select,textarea --button submit --payloads fuzz.txt --attack 1 --target http://localhost:3000/ --fill data,yesno,hobbies,phone,calendar,time,color,select,textarea
And here is a live demonstration.
The BrowserBruter will modify the web page (minimal changes) to make the elements fuzzable without altering any logic or working of the web page.
Note: Here, the hidden field is CSRF token, this is also pros of using BrowserBruter that we don't have to worry about handling of CSRF token, as they will be automatically handled. Learn more about here.
Move on to the next section to learn about various fuzzing options.