1. Home
  2. Docs
  3. Learning Center
  4. Testing Web Applications

Testing Web Applications

Fuzz testing web applications with FuzzLabs could not be easier thanks to the FuzzLabs Google Chrome Extension. The extension allows to start fuzz tests straight from the developer tool of your web browser, with just three clicks.

Extension Deployment

The deployment and initial configuration of the extensions is quite simple. Start by downloading the FuzzLabs Google Chrome Extension. Then, follow the instructions below.

Load Extension

The extension is currently provided “unpacked”. The reason for this is that Google’s review process of the published extensions can take several days which unfortunately delays prompt delivery of new features and bug fixes.

To deploy unpacked extensions, follow the steps below.

  1. In Google Chrome go to chrome://extensions/ and enable Developer Mode at the top right corner of the screen.
  2. Decompress the extension archive.
  3. Click on the “Load Unpacked” button on the top left side of the screen and select the folder “fuzzlabs-chrome” extracted from the extension archive.

Upon successful deployment, you should see the FuzzLabs extension showing up similarly as shown in the picture below.

Configuring the Extension

  1. Open a blank tab
  2. Open the Developer Tools (option + command + i on Mac)
  3. Click on the “FuzzLabs” tab at the top of the Developer Tools
  4. (Optional) Update the FuzzLabs API Endpoint as appropriate for your deployment
  5. Move to the Configuration tab on the FuzzLabs page and provide your FuzzLabs API key and API secret. On the right hand-side of the page you can find a little help what scopes to assign to your API key. Click HERE to learn about how to create an API key.

Once suitable credentials provided an additional field will show up that allows selecting an engine to run tests. This is shown below.

The configuration is now complete. It is time to have a look at how to use the extension.

Using the Extension

The extension displays all requests performed by the web browser on the “REQUESTS” tab. Switch to the REQUESTS tab of the extension and visit any website. You should see the requests showing up immediately.

Optionally, you can set up sophisticated capture filters by clicking on the Filters icon in at the top of the table. You can see this below.

Once you have found a request to test, right click on the highlighted row and click the “Import to FuzzLabs” item in the context menu.

In the pop-up dialog, enter the name of your test. This name will be used by FuzzLabs to create all the related test assets, such as the message and flow templates and the project configuration.

Click on the Save button.

If you move to the PROJECTS tab, you should see your new test configuration showing up. The Google Chrome extension does not automatically start the tests. Any imported tests must be started manually from the PROJECTS tab by clicking the “Play” button of the appropriate project.

Click the “Play” button. WARNING: Fuzzing may cause service disruption in case the target under test is unreliable. Do not run tests against any targets you are not authorized to test.

Running tests are not visible from the extension. To view running tests, click the little “eye” icon at the top of the table. This will open FuzzLabs’s test page in a new tab where you will be able to see all running tests.

Fuzz testing web applications with FuzzLabs is as easy as that. We are committed to improve the extension further to improve integration and user experience. Keep an eye out for the change logs to see when a new version is available.

Happy bug hunting!

Was this article helpful to you? Yes No