From 25eee25d0e925dc2727b5a17d4bffa1165e08356 Mon Sep 17 00:00:00 2001
From: xmendez
Date: Fri, 6 Mar 2015 00:29:25 +0000
Subject: [PATCH] Add auth FUZZ words when checking (fixes #402)
---
 framework/fuzzer/fuzzobjects.py | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/framework/fuzzer/fuzzobjects.py b/framework/fuzzer/fuzzobjects.py
index 4a9e971f..85c53bce 100644
--- a/framework/fuzzer/fuzzobjects.py
+++ b/framework/fuzzer/fuzzobjects.py
@@ -164,21 +164,24 @@ def from_http_object(self, c, bh, bb):
 @staticmethod
 def from_seed(seed, payload):
+ rawReq = seed.getAll()
+ schema = seed.schema
+ method, userpass = seed.getAuth()
+ http_method = None
+
 marker_regex = re.compile("FUZ\d*Z",re.MULTILINE|re.DOTALL)
- fuzz_words = len(marker_regex.findall(seed.getAll()))
+ fuzz_words = len(marker_regex.findall(rawReq))
+
 if seed.wf_fuzz_methods:
 fuzz_words += 1
+ if method:
+ fuzz_words += len(marker_regex.findall(userpass))
+
 if len(payload) != fuzz_words:
 raise FuzzException(FuzzException.FATAL, "FUZZ words and number of payloads do not match!")
- rawReq = seed.getAll()
- schema = seed.schema
- method, userpass = seed.getAuth()
- http_method = None
-
 newreq = seed.from_copy()
-
 rawUrl = newreq.completeUrl
 for payload_pos, payload_content in enumerate(payload, start=1):
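Review bot: The added `fuzz_words += len(marker_regex.findall(userpass))` counts every occurrence of a marker, as the existing count over `rawReq` does, so a seed that carries `FUZZ` in both the URL and the credentials now needs two payloads to pass the check. The substitution loop starts on the hunk's last line and its body is outside the hunk, so this cannot be confirmed here: if that loop fills all occurrences of one marker from a single payload, counting distinct markers would match it, e.g. `fuzz_words = len(set(marker_regex.findall(rawReq)) | set(marker_regex.findall(userpass)))`. The new branch is also guarded by `method` but reads `userpass`; if `seed.getAuth()` can return a method with `userpass` set to `None`, `findall` raises `TypeError` rather than the `FuzzException` used for the mismatch, so `if method and userpass:` is the safer guard.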