Skip to content
A fast generative fuzzer for HTTP
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

Alt text


HTTPFuzzer can be used to generate vast amounts of both valid and invalid HTTP requests, allowing you to test both web application and web server handling of requests.

Running HTTPFuzz

Generate a random request:


Generate a valid request:

python --header-mutate-level=0 --body-mutate-level=0 --request-mutate-level=0

Generate a request with a json body:

python --body-mutate-level=0 --body-type=json

Full help:

usage: [-h] [--header-mutate-level [{0,1,2,3,4,5,6,7,8,9,10}]]
                   [--body-mutate-level [{0,1,2,3,4,5,6,7,8,9,10}]]
                   [--request-mutate-level [{0,1,2,3,4,5,6,7,8,9,10}]]
                   [--body-type {json,junk,rand}] [--num-headers NUM_HEADERS]
                   [--generate-num GENERATE_NUM] [-v]

optional arguments:
  -h, --help            show this help message and exit
  --header-mutate-level [{0,1,2,3,4,5,6,7,8,9,10}]
                        Set the mutation level for the headers (0-10). Default
                        = 5
  --body-mutate-level [{0,1,2,3,4,5,6,7,8,9,10}]
                        Set the mutation level for the body (0-10). Default =
  --request-mutate-level [{0,1,2,3,4,5,6,7,8,9,10}]
                        Set the mutation level for the request line (0-10).
                        Default = 5
  --body-type {json,junk,rand}
                        Set the data generated in the request body. Default =
  --num-headers NUM_HEADERS
                        Sets the maximum number of headers. Default = number
                        of available headers
  --generate-num GENERATE_NUM
                        Number of requests to generate. Any more than 1
                        generated request will output to a new folder called
                        output/. Default = 1
  -v, --version         show program's version number and exit
You can’t perform that action at this time.