Fuzz Vectors

The following are fuzzing vectors which can be used with ZAP, Burp Suite, or another testing tool. Fuzzing is the "kitchen sink" approach to testing the responses of an application to parameter manipulation. Generally, an analyst looks for error conditions or abnormal behaviors that occur in an application as a result of fuzzing.

The following references are provided as input sources for fuzzing and related testing activities.

• Cross-site scripting (XSS) cheat sheet

• AwesomeXSS

• Payloads All The Things

• Big List of Naughty Strings

• Bo0oM Fuzz List

• FuzzDB

• bl4de Dictionaries

• Open Redirect Payloads

• EdOverflow Bug Bounty Cheat Sheet

• Daniel Miessler - SecLists

• XssPayloads Twitter Feed