{"skill":{"slug":"bookforge-web-application-fuzzing-automation","displayName":"Web Application Fuzzing Automation","summary":"Build and execute customized automated attacks against web applications. Use this skill when: systematically enumerating valid identifiers (userids, document...","tags":{"appsec":"1.0.0","automation":"1.0.0","bookforge":"1.0.0","burp-intruder":"1.0.0","captcha-bypass":"1.0.0","csrf-token":"1.0.0","data-harvesting":"1.0.0","fuzzing":"1.0.0","identifier-enumeration":"1.0.0","latest":"1.0.0","os-command-injection":"1.0.0","path-traversal":"1.0.0","payload-generation":"1.0.0","penetration-testing":"1.0.0","session-handling":"1.0.0","sql-injection":"1.0.0","xss":"1.0.0"},"stats":{"comments":0,"downloads":28,"installsAllTime":0,"installsCurrent":0,"stars":0,"versions":1},"createdAt":1777463037414,"updatedAt":1777463511478},"latestVersion":{"version":"1.0.0","createdAt":1777463037414,"changelog":"Initial release of the web application fuzzing automation skill.\n\n- Automates customized attacks against web apps for identifier enumeration, data harvesting, and fuzzing using parameterized payloads.\n- Supports detection via HTTP status code, response length, time, headers, and custom grep expressions.\n- Details payloads for SQLi, XSS, OS command injection, path traversal, script injection, and RFI.\n- Guides Burp Intruder attack type selection and advanced session-handling (cookie jar, macros, token management).\n- Addresses automation blockers like anti-CSRF tokens, session expiry, and CAPTCHA.\n- Includes triage instructions for sorting and analyzing automated results.\n- Designed for authorized penetration testers and appsec professionals with Burp Suite Pro or equivalents.","license":"MIT-0"},"metadata":{"os":null,"systems":null},"owner":{"handle":"quochungto","userId":"s176b6gfk8djgcz320d83ta4e184bx1v","displayName":"Hung Quoc To","image":"https://avatars.githubusercontent.com/u/88069966?v=4"},"moderation":null}