Over the past month we have drastically improved both Xmlfuzz and Jsonfuzz - two of our most popular web fuzzers. In particular, we have fine-tuned the default list of payloads in order to cover as much area as possible without impacting the performance. Now you can use your own payload lists as well.
In order to load a custom payload list, such as those found in FuzzDB, simply click on the
Load Payloads button and select the file to be used for fuzzing. The fuzzing engine will handle the rest automatically. In addition to your payloads, both tools will perform some additional fuzzing in order to find technology-specific vulnerabilities such as XXE (XML External Entity Injection) and more.
As usual your feedback is much appreciated. Do not hesitate to reach out.