What is Fuzzing in Hacking?

Updated: Dec 3, 2021

Fuzzing is a method of testing areas that accept user input whether intended or unintended. It involves presenting the input area with a large variety of invalid, unexpected, or random data with the intention of causing the system to accept the input to act in an unexpected way.



Doing this can indicate that there could be potential attack paths available against the system being targeted.


Types of fuzzing

There are various other styles of fuzzing from automated fuzzing, unlike the above example where many requests are sent to the system rather than just a single request. This is done with the same goal in mind; however, it allows for greater coverage and automated methods of testing against the target system.


Fuzzing Example

As an example of fuzzing a web application, the following string could be presented to the web application

';--";--`'>">')")'}"}']"]\\//>

This fuzzing string contains a variety of symbols intended to trigger various different effects depending on how well secured the application is, what software is in use, etc.


In the event the application is vulnerable to Cross-Site Scripting or SQL injection, for example, the resulting page may give some indication of these vulnerabilities and allow the person investigating the application to further dig into how to exploit the issues found from fuzzing the application.


If you like this blog post, find more content in our Glossary.