Thursday, March 24, 2011

OWASP JBroFuzz v.2.5 Released

The OWASP JBroFuzz Project is a web application fuzzer for requests being made over HTTP and/or HTTPS. Its purpose is to provide a single, portable application that offers stable web protocol fuzzing capabilities.

JBroFuzz generates requests, puts them on the wire and records the corresponding responses received back. It does not attempt to identify if a particular site is vulnerable or not; this requires further human analysis.
However, certain payloads included in fuzzers that can be used to generate requests (e.g. XSS) are crafted to attempt to successfully exploit flaws. Such flaws represent previously known vulnerabilities for web applications. JBroFuzz groups fuzzers with their corresponding payloads into a number of categories, depending on previously known vulnerabilities.



No comments: