Shazzer User Guide

How to Use Shazzer

Shazzer offers three fuzz types: HTML, JS, and XSS. The concept involves creating a vector and testing it using the test button on the new vector screen. It operates by executing a comprehensive loop with the template and replacing any placeholders.


Placeholders allow users to substitute text in their template with generated characters in a loop. Currently, Shazzer supports four placeholders:


This placeholder logs the number of the current iteration of the loop and is commonly used in JS and XSS vector types.


This placeholder also logs the number of the current iteration of the loop.


This placeholder generates a character based on the current iteration number.


When this special tag is detected, Shazzer will log the result.

HTML Vectors

To create an HTML vector, select HTML from the dropdown menu. The testing options will be tailored to the HTML vector type. A special tag, "<found>", triggers Shazzer to log the result when detected. If you wish to test if characters within a style attribute were successful, you can utilize the style attribute and set the color property to "red". Shazzer will log the result upon detecting the color red.

Example using <found>:


Example using style:

<div style="/**$[chr]color:red;">test</div>

JS Vectors

JS vectors also incorporate a loop, where you should employ the log($[i]) placeholder to log the result. For instance, if you aim to identify which characters are permissible before parentheses in a function call:

XSS Vectors

XSS vectors resemble JS vectors but additionally permit HTML usage. You should utilize the same placeholders as you would for JS, but apply XSS vectors to determine if characters are logged. Here's an example XSS vector:
<img src $[chr]onerror=log($[i])>

The onerror attribute will trigger when the characters preceding it are ignored.