Creating a Fuzz Target

Once the initialization process is complete, indicated by a check mark before the “Initialize Project” sidebar item, a fuzz test can be created. To create a fuzz test for a Spring Boot application, go to the “Fuzz Tests” sidebar menu and click the plus button.


From the list, choose to create a Spring Boot Fuzz Test.


After selecting “Spring Boot Fuzz Test” you will see a configuration screen. On this screen you can name the new fuzz test and specify which endpoints you want to test. If your project builds multiple applications (WebGoat actually builds two), you can select the application you’re interested in testing.


By default, the automatically generated fuzz test covers all the endpoints detected during the initialization phase. If you only want to test selected endpoints, you can filter the list and select the ones to test.

For this example we are going to focus on the “/challenge/5” endpoint and call the new fuzz test “FuzzChallenge5”. Deselect all the controllers using the “Deselect all” button, then search for the controller /challenge/5 and select it. See the image below.

select springboot