The Automatic Navigation Handler
This is the most powerful feature which allows user to record & replicate navigation of web page required for fuzzing, these options are -
Automatic Navigation Handler:
--record-navigation This option will let user record their mouse clicks and keyboard key strokes, which can be replicated to navigate around the web page.
--load-navigation-before /path/to/navigation/file.json
This switch will load the previously recorded navigation and will replicate it to automatically do the navigation around the web page.
--load-navigation-after /path/to/navigation/file.json
This switch will load the previously recorded navigation and will replicate it to automatically do the navigation around the web page after submitting the form.
To give you an example of how powerful this feature is, following is an example of OWASP WebGoat 6.0 (Legacy).
Here, this is a JSON injection page from OWASP WebGoat 6.0 (Legacy). Here after enter names of the airports, the list of flights appears. Then after selecting the flight you can submit the form. Now though looks simple, there is no way to automatically fuzz this form BrowserBruter only. Because here we have first fill the airports fields to make the flights appear, then select the flight and then inject the payloads.
Recording the Navigation using --record-navigation option
Using --record-navigation switch, we can record the above navigation required in order to make the fields visible and fuzz. See the Video demonstration below for better understanding.
Replicating (Repeat) the Navigation using --load-navigation-before & load-navigation-before options
After recording the navigation, it will be stored in the JSON file inside BrowserBruter_Reports/navigation directory. From their you can load that file either before, after or you can load two files for both for fuzzing. See the Video demonstration below for better understanding.
Example WebGoat 6.0 Legacy
Hope on to the next section to learn about Anti Input Validation options.