by sbarre 879 days ago
Does anyone know of a web fuzzer like tool that mutates structures like JSON or file uploads or the like while it tests?

So things that look like reasonably complex HTTP requests but have deficiencies or small variations?

The last few API outages we had in my group were due to JSON payload edge-cases (either malformed or incorrectly structured) that weren't caught by what we thought were pretty extensive E2E tests and validation.

2 comments

You can use radamsa [1] to create mutations for JSON payloads. There's an example using it with ffuf here: https://github.com/ffuf/ffuf?tab=readme-ov-file#using-extern...

[1]: https://gitlab.com/akihe/radamsa
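An added example (not part of the thread, and not code from radamsa or ffuf) of the structure-level JSON mutation the question asks about: it walks a seed payload, drops, replaces or wraps one value, and occasionally breaks the serialized text. The seed payload, edge values and function names are assumptions made for illustration; the generated bodies are meant for a test harness pointed at your own API.

```python
import copy
import json
import random

# Constructed sample payload; field names are illustrative only.
SEED_PAYLOAD = {"user": {"id": 42, "tags": ["a", "b"]}, "amount": 19.99, "active": True}
# Replacement values that commonly trip type and bounds validation.
EDGE_VALUES = [None, "", [], {}, -1, 2**63, 1e308, "0", True, "\u0000"]


def paths(node, prefix=()):
    """Yield the path (tuple of keys/indexes) to every value in the document."""
    if not isinstance(node, (dict, list)):
        return
    for key, child in (node.items() if isinstance(node, dict) else enumerate(node)):
        yield prefix + (key,)
        yield from paths(child, prefix + (key,))


def mutate_structure(doc, rng):
    """Return a copy of doc with one value dropped, replaced, or wrapped."""
    doc = copy.deepcopy(doc)
    path = rng.choice(list(paths(doc)))  # assumes a non-empty object/array
    parent = doc
    for key in path[:-1]:
        parent = parent[key]
    op = rng.choice(("drop", "replace", "wrap"))
    if op == "drop":
        del parent[path[-1]]
    elif op == "replace":
        parent[path[-1]] = rng.choice(EDGE_VALUES)
    else:
        parent[path[-1]] = [parent[path[-1]]]
    return doc


def mutate_syntax(text, rng):
    """Break the serialized JSON: truncate it or delete one structural char."""
    if rng.random() < 0.5:
        return text[: rng.randrange(1, len(text))]
    i = rng.choice([j for j, c in enumerate(text) if c in '{}[]":,'])
    return text[:i] + text[i + 1:]


def generate(seed_doc, count, seed=0):
    """Yield count request bodies: mostly valid-but-odd JSON, some malformed."""
    rng = random.Random(seed)
    for _ in range(count):
        body = json.dumps(mutate_structure(seed_doc, rng))
        yield mutate_syntax(body, rng) if rng.random() < 0.25 else body
```

Fixing the `seed` argument makes a failing body reproducible, so a case that breaks the API can be replayed and turned into a regression test.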

Thank you so much! Just finished doing a few tests with both of those tools and it looks like they will be very helpful.

I'm working on a fuzzer for JSON blobs as a side project; more work is needed before first public release, but my email's in the profile if you're curious.