1 Mar 2013

Fuzzing tools and advices



Spike

is designed to assist in the creation of network-oriented fuzzers and supports sending data via TCP or UDP. Additionally, SPIKE provides several example fuzzers for protocols ranging from HTTP to Microsoft Remote Procedure Call (MSRPC). SPIKE libraries can be used to form the foundation of custom fuzzers, or SPIKE’s scripting capabilities can be used to rapidly develop fuzzers without requiring detailed knowledge of C program- ming. 

Spikes can contain static data, dynamic fuzzing variables, dynamic length val- ues, and grouping structures called blocks. 

Spike Proxy

Handles all the fuzzing and is capable of performing attacks such as SQL injection and cross-site scripting. SPIKE Proxy is written in Python and can be tailored to suit your needs. Basically it makes sure that you are able to bypass the application WAF within your attempt to i.e(Brute force every single combination of a password and username within the web application server).
  

Mangleme





References:


http://resources.infosecinstitute.com/intro-to-fuzzing/ 

http://freecode.com/projects/mangleme 

No comments:

Post a Comment