Home

Path Fuzzing Rules

We support path fuzzing for your web page URLs. If your web application uses URL rewrite, you can tell us the path components that need to be tested by defining the path fuzzing rules. The rules will tell us the path components/parameters that need to be fuzzed and we will prevent multiple crawling of paths that meet the rules.

Guidelines for creating path fuzzing rules

- must start with http:// or https://
- must include parameters
- can include only alphabets, numbers, and special symbols _.-~ in the parameter name
- cannot include blank parenthesis
- cannot be nested {{}}
- cannot include unmatched parenthesis {}}

Example 1

Let us consider sports web page:
http://www.abc.com/issue/17/section/sports/article/28

The web server will read this URL as:
http://www.abc.com/search.php?issue=17&section=sports&article=28

The path fuzzing rule would be:
http://www.abc.com/issue/{issue}/section/{section}/article/{article}

Example 2

In this example the parameter names are not part of the URL path:
www.myweatherstation.com/weather/daily/94065/010117
www.myweatherstation.com/weather/weekly/94065/1
www.myweatherstation.com/weather/monthly/94065/1

In such cases, the path fuzzing rule would be defined as:
www.myweatherstation.com/weather/daily/{pincode}/{date}
www.myweatherstation.com/weather/weekly/{pincode}/{week}
www.myweatherstation.com/weather/monthly/{pincode}/{month}

Defining the path fuzzing rules will ensure that the parameters are fuzzed and we will limit the number of paths that match the same rule because they are redundant.