[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Fuzzing testing webapp?
- To: "Mark Sec" <mark.sec@xxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Fuzzing testing webapp?
- From: "Morning Wood" <se_cur_ity@xxxxxxxxxxx>
- Date: Sun, 11 Dec 2005 11:49:31 -0800
>I want to do something like this with a script, tool etc, (Looking fuzzing
directory traversal )
>http://target/any.asp?data=.../.../.../ <-
>where the variable "data=" <-- this i want to test to found some bugs
>http://target/cgi-bin/any.cgi?data=var1&var2&
efuzz is good in windows, and has exactly what you want ( although you can
only fuzz one "var" )
http://www.priestmaster.org/projects/tools/efuzz.zip
( i have found stack overflows with this )
others are avail, such as "Peach" and "Fuzzy", but are python based ( and
work quite well )
the secret Google search string is:
http://www.google.com/search?hl=en&q=fuzzer
cheers,
mw
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/