loading
Loading content
loading
Fuzzing throws large volumes of input at a target and watches for behavior it should not produce: a crash, a stack trace, a timeout, or a status code that hints at a hidden path. Coverage-guided fuzzers like AFL mutate input and track which code runs to dig deeper into a binary or parser. Web fuzzers take a different shape, swapping a marker in a request for entries from a list to brute-force parameters, paths, or payloads.
It matters because manual testing covers the inputs a developer thought of, and bugs hide in the ones nobody anticipated. Fuzzing surfaces edge cases at machine speed, which is why it finds memory-corruption flaws in parsers and injection points in web apps that a quick review would miss.
In web work fuzzing overlaps with content discovery and directory brute-forcing, since all three replay requests against a target driven by a wordlist. Pointing a fuzzer at a parameter with crafted payloads is also a common way to probe for SQL injection and similar input-handling flaws.
In a Trickest workflow you run web fuzzers across many hosts in parallel, feed curated wordlists, and filter responses by status, length, and timing so the signal rises above the noise of thousands of requests.
Related terms