Skip to content

Commit

Permalink
Update README.md
Browse files Browse the repository at this point in the history
  • Loading branch information
Chris committed Aug 20, 2015
1 parent fd179eb commit 3e42186
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,12 +8,12 @@ A wordlist of API names used for fuzzing web application APIs.

## Usage
1. In burpsuite, send an API request you want to fuzz to Intruder.
2. Remove the existing API function call, and replace it with two § characters for each text file you want to use for fuzzing.
3. On the "Positions" tab, set Attack type to "Cluster Bomb"
2. Remove the existing API function call, and replace it with two § characters for each text file you want to use.
3. On the "Positions" tab, set Attack type to "Cluster Bomb".
4. On the "Payloads" tab, select 1 for the fist Payload set drop-down, then select a Payload type of "Runtime file" and navigate to the directory you downloaded these text files to. Select "actions.txt".
5. Repeat step 4 by setting Payload set 2 to "objects.txt"
5. Repeat step 4 by setting Payload set 2 to "objects.txt".
6. (optional step - add more payload sets and set them to "objects.txt" to test for multi-part objects like "UserAccount")
7. Start attack
7. Start attack!

## Comments
If you use this and it's helpful, I'd love to hear about it! (@dagorim). If you think I've missed any obvious word choices, I'd love to hear about that as well, or feel free to add them.

0 comments on commit 3e42186

Please sign in to comment.