fuzz: Fix breadth first handling#7369

Open

kingthorin wants to merge 3 commits into

zaproxy:mainfrom

kingthorin:fuzz-breadth-depth

kingthorin commented May 19, 2026 •

edited

Loading

Member

Overview

Fix multi-location breadth payload combination (was incorrectly using depth-first-style iteration).
Rename strategies to Cluster Bomb and Pitchfork in code, UI, help, and tests; keep legacy depth/breadth config values working.
Update WebSockets fuzz handler for renamed Fuzzer replacer classes. (Build file was previously updated.)

From the payload lists 1,2,3 and a,b,c Pitchfork produces:

Related Issues

AI Disclosure

Cursor was used in the preparation of this change/PR.

kingthorin marked this pull request as draft

May 19, 2026 14:54

psiinon commented May 19, 2026 •

edited

Loading

Member

Checkmarx One – Scan Summary & Details – fa488bda-8a04-4f7f-8063-1d5c250159be

Great job! No new security vulnerabilities introduced in this pull request

Use @Checkmarx to interact with Checkmarx PR Assistant.
Examples:
@Checkmarx how are you able to help me?
@Checkmarx rescan this PR

kingthorin force-pushed the fuzz-breadth-depth branch from d97b65b to eacefd6 Compare

May 19, 2026 15:34

kingthorin marked this pull request as ready for review

May 19, 2026 15:35

This comment was marked as outdated.

Sign in to view

This comment was marked as outdated.

Sign in to view

This comment was marked as outdated.

Sign in to view

kingthorin force-pushed the fuzz-breadth-depth branch from eacefd6 to 8024737 Compare

May 20, 2026 13:41

kingthorin changed the title ~~fuzz: Fix breadth/depth handling~~ fuzz: Remove breadth-first UI and migrate config

kingthorin force-pushed the fuzz-breadth-depth branch from 8024737 to 39cff9b Compare

May 20, 2026 13:42

This comment was marked as outdated.

Sign in to view

kingthorin force-pushed the fuzz-breadth-depth branch from 39cff9b to 6ad37b9 Compare

May 20, 2026 13:58

kingthorin changed the title ~~fuzz: Remove breadth-first UI and migrate config~~ fuzz: Remove (hide) strategy UI components

kingthorin force-pushed the fuzz-breadth-depth branch from 6ad37b9 to d63851b Compare

May 20, 2026 14:04

This comment was marked as outdated.

Sign in to view

kingthorin marked this pull request as draft

May 20, 2026 17:45

This comment was marked as outdated.

Sign in to view

kingthorin marked this pull request as ready for review

May 21, 2026 10:01

This comment was marked as outdated.

Sign in to view

kingthorin force-pushed the fuzz-breadth-depth branch from d63851b to 1e06a97 Compare

May 27, 2026 23:46

kingthorin changed the title ~~fuzz: Remove (hide) strategy UI components~~ fuzz: Fix breadth first handling

kingthorin commented

View reviewed changes

addOns/websocket/CHANGELOG.md

               ## Unreleased
+              ### Changed
+              - Update for Fuzzer payload replacement strategy changes (Cluster Bomb and Pitchfork).

kingthorin May 27, 2026 •

edited

Loading

Member Author

Maybe this should just be "Maintenance changes"? 🤷

kingthorin added 3 commits

June 2, 2026 10:29


          fuzz: Fix breadth first handling

d4080ac

Signed-off-by: kingthorin <kingthorin@users.noreply.github.com>


          Rename

df1b2c1

Signed-off-by: kingthorin <kingthorin@users.noreply.github.com>


          Websocket

7b7a3e7

Signed-off-by: kingthorin <kingthorin@users.noreply.github.com>

kingthorin force-pushed the fuzz-breadth-depth branch from 63ed5d9 to 7b7a3e7 Compare

June 2, 2026 14:29

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet