[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Fuzzing testing webapp?

To: "Mark Sec" <mark.sec@xxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] Fuzzing testing webapp?
From: "Morning Wood" <se_cur_ity@xxxxxxxxxxx>
Date: Sun, 11 Dec 2005 11:49:31 -0800

>I want to do something like this with a script, tool etc, (Looking fuzzing
directory traversal )
>http://target/any.asp?data=.../.../.../ <-
>where the variable "data="  <-- this  i want to test to found some bugs
>http://target/cgi-bin/any.cgi?data=var1&var2&;


efuzz is good in windows, and has exactly what you want ( although you can
only fuzz one "var" )
http://www.priestmaster.org/projects/tools/efuzz.zip
( i have found stack overflows with this )

others are avail, such as "Peach" and "Fuzzy", but are python based ( and
work quite well )

the secret Google search string is:
http://www.google.com/search?hl=en&q=fuzzer

cheers,
mw
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Fuzzing testing webapp?
  - From: Mark Sec

Prev by Date: Re: [Full-disclosure] Famous n3td3v quotes - The Director's Cut (outnow on DVD)
Next by Date: [Full-disclosure] SEC Consult SA-20051211-0 :: Several XSS issues in Horde Framework, Kronolith Calendar, Mnemo Notes, Nag Tasks and Turba Addressbook
Previous by thread: Re: [Full-disclosure] Fuzzing testing webapp?
Next by thread: [Full-disclosure] Re: [KAPDA::#16] - SMF SQL Injection
Index(es):
- Date
- Thread