Best Fuzz Testing Tools for Mozilla Firefox

BFuzz uses an input-based fuzzer that accepts HTML as input, opens a new browser instance and runs multiple test cases created by domato, which is located in the recurve directory of BFuzz. BFuzz also automates the same tasks repeatedly without affecting any test cases. BFuzz asks you to choose whether to fuzz Firefox or Chrome. However, it will open Firefox using recurve, and create logs in the terminal. BFuzz allows you to open a browser and run testcases. The test cases generated by domato contain the main script. It contains additional code for DOM fuzzing.

Wapiti is an application vulnerability scanner. Wapiti is a web application vulnerability scanner that allows you to audit your website or web application's security. It crawls the pages of the deployed web application, looking for scripts or forms where it could inject data. Wapiti, once it has a list of URLs and forms, as well as their inputs (inputs), acts like a "fuzzer" by injecting payloads into a script to see if it is vulnerable. Search for potentially harmful files on the server. Wapiti can be used to launch attacks using both GET HTTP and POST methods. It can also inject payloads into filenames. When an anomaly is detected (for example, 500 errors and timeouts), warnings are raised. Wapiti can distinguish between reflected and permanent XSS vulnerabilities. Creates vulnerability reports in different formats (HTML XML JSON TXT CSV).