Fuzz Testing For HTTP Endpoints

The artillery-plugin-fuzzer plugin makes it easy to run simple fuzz tests (also known as monkey tests) on HTTP endpoints.

The plugin lets you use Artillery to send a lot of unexpected and weird payloads to your API endpoints. You can then monitor your backend for exceptions, errors or crashes, and improve the security and reliability of your system by fixing any issues uncovered.

The payloads generated by this plugin are based on the Big List Of Naughty Strings, which contains a large number of inputs that are more likely to trigger unexpected behavior in your software.

Usage

Important: this plugin requires Artillery v1.6.0-0 or later.

Install the plugin with:

npm install artillery-plugin-fuzzer

Enable the plugin in your test script with:

config:
  plugins:
    fuzzer: {}

Then just use the {{ naughtyString }} variable as you would any other variable in your scenario:

- post:
    url: "/session"
    json:
      username: "{{ naughtyString }}"
      password: "secret"

A new value for the naughtyString variable will be generated for each new request in a scenario.
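What fixing the issues a fuzz run uncovers can look like on the backend, as an added example that is not code from the plugin or from Artillery: a hypothetical `handleSession` function for the `/session` endpoint that answers every payload with a 200 or a 4xx status instead of throwing. The function names, limits and sample strings are assumptions.

```javascript
// Hypothetical handler logic for the POST /session endpoint from the scenario.
// Limits are assumed values, not taken from the plugin or Artillery.
const MAX_BODY_CHARS = 4096;
const MAX_USERNAME_CHARS = 64;

// Takes the raw request body and always returns { status, ... }; never throws.
function handleSession(rawBody) {
  if (typeof rawBody !== 'string') return { status: 400, error: 'missing body' };
  if (rawBody.length > MAX_BODY_CHARS) return { status: 413, error: 'body too large' };
  let body;
  try {
    body = JSON.parse(rawBody);
  } catch (err) {
    return { status: 400, error: 'malformed JSON' };
  }
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    return { status: 400, error: 'expected a JSON object' };
  }
  const { username, password } = body;
  if (typeof username !== 'string' || typeof password !== 'string') {
    return { status: 400, error: 'username and password must be strings' };
  }
  // Normalize first so compatibility forms (ligatures, full-width) compare equal.
  const name = username.normalize('NFKC');
  const length = [...name].length; // count code points, not UTF-16 units
  if (length === 0 || length > MAX_USERNAME_CHARS) {
    return { status: 422, error: 'username length out of range' };
  }
  // Reject control and format characters (NUL, RTL override, zero-width space).
  if (/[\p{Cc}\p{Cf}]/u.test(name)) {
    return { status: 422, error: 'username contains control characters' };
  }
  return { status: 200, username: name };
}

// Builds the same JSON body the scenario sends and returns the handler result.
function fuzzOnce(value) {
  return handleSession(JSON.stringify({ username: value, password: 'secret' }));
}

// Constructed samples in the style of fuzzer payloads (not copied from the plugin).
const SAMPLES = ['', 'null', 'a\u0000b', '\u202Etest', 'x'.repeat(10000), '\uFB01ona'];
for (const s of SAMPLES) {
  const r = fuzzOnce(s);
  console.log(JSON.stringify(s.slice(0, 12)), '->', r.status, r.error || r.username);
}
```

During a fuzz run, any 5xx response or unhandled exception from such an endpoint marks an input path that still needs a check like the ones above.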