Define path fuzzing rules to tell us the components of your web page path that need to be tested.
Guidelines to create path fuzzing rules:
- must start with http:// or https://
- must include parameters
- can include only letters, numbers, and the special symbols _.-~ in the parameter name
- cannot include empty braces {}
- cannot include nested parameters {{}}
- cannot include unmatched braces {}}
Example of a web page:
http://www.abc.com/issue/17/section/sports/
The web server would read it as:
http://www.abc.com/search.php?issue=17&section=sports
The path fuzzing rule would be:
http://www.abc.com/issue/{issue}/section/{section}
Defining this rule ensures that the issue and section parameters are fuzzed. We will also limit the number of paths tested that match the same rule, because those paths are redundant.
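The guidelines and the example above, worked through as an added Python example (not the scanner's own code). The error labels, the `limit` argument and the choice that a `{parameter}` matches exactly one path segment are assumptions made for illustration.

```python
import re

PARAM = re.compile(r"\{([^{}]*)\}")        # one well-formed {name} placeholder
NAME_OK = re.compile(r"[A-Za-z0-9_.~-]+")  # characters allowed in a parameter name

def validate_rule(rule):
    """Return the set of guidelines a rule violates (empty set means valid)."""
    errors = set() if rule.startswith(("http://", "https://")) else {"scheme"}
    depth = 0
    for ch in rule:                        # brace scan: nesting and balance
        if ch == "{":
            depth += 1
            if depth > 1:
                errors.add("nested")
        elif ch == "}" and depth == 0:
            errors.add("unmatched")
        elif ch == "}":
            depth -= 1
    if depth:
        errors.add("unmatched")
    names = PARAM.findall(rule)
    if not names:
        errors.add("no-parameters")
    if "" in names:
        errors.add("blank")
    if any(n and not NAME_OK.fullmatch(n) for n in names):
        errors.add("bad-name")
    return errors

def match_rule(rule, url):
    """Return {parameter: value} if url matches the rule, else None."""
    parts = PARAM.split(rule)              # literals at even indexes, names at odd
    pattern = "".join(re.escape(p) if i % 2 == 0 else "([^/?#]+)"
                      for i, p in enumerate(parts))
    m = re.fullmatch(pattern + "/?", url)  # tolerate a trailing slash
    return dict(zip(parts[1::2], m.groups())) if m else None

def dedupe(rule, urls, limit=1):
    """Keep at most `limit` URLs that match the rule; keep all others."""
    kept, hits = [], 0
    for url in urls:
        hit = match_rule(rule, url) is not None
        hits += hit
        if not hit or hits <= limit:
            kept.append(url)
    return kept

RULE = "http://www.abc.com/issue/{issue}/section/{section}"  # rule from the page
CRAWLED = ["http://www.abc.com/issue/17/section/sports/",    # constructed sample
           "http://www.abc.com/issue/18/section/news/", "http://www.abc.com/about/"]
```

Running `dedupe(RULE, CRAWLED)` keeps the first issue/section URL and the unrelated /about/ page, which is the redundancy reduction the rule is meant to give.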