REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications.
4
4
5
-
It can also be helpful to bypass WAFs and weak vulnerability mitigations. For more information, take a look at the [REcollapse slides](https://github.com/0xacb/recollapse/blob/main/till_recollapse_fuzzing_the_web_for_mysterious_bugs.pdf).
5
+
It can also be helpful to bypass WAFs and weak vulnerability mitigations. For more information, take a look at the [REcollapse blogpost](https://0xacb.com/2022/11/20/recollapse/).
6
6
7
7
The goal of this tool is to generate payloads for testing. Actual fuzzing shall be done with other tools like [Burp](https://portswigger.net/burp) (intruder), [ffuf](https://github.com/ffuf/ffuf), or similar.
8
8
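Review bot: The replacement on line 5 drops the only visible link to the slides PDF (`till_recollapse_fuzzing_the_web_for_mysterious_bugs.pdf`) in favour of the blog post. If the PDF stays in the repository, keep a pointer to it, for example under the Resources section next to the BSidesLisbon 2022 mention, so readers can still find the original slides. Also a small wording point on the added line: "blogpost" reads better as "blog post".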
skipped 118 lines
127
127
### Resources
128
128
129
129
This technique has been presented on [BSidesLisbon 2022](https://bsideslisbon.org/)