Jezebel Ali wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Greetings,
This question are asked before and true is not much information
availble. Please first look here:
http://seclists.org/lists/webappsec/2006/Apr-Jun/0401.html
After you read, it clear that fuzzer require text file for filling
in detail. For this you need download jar file from link above and
find two file "sql" and "xss". Although not well document,
WebScarab very comprehensive tool and I think it being rebuilt.
Sorry my bad englisk.
Kind regards,
Jez
Thanks for responding, Jez.
There is one thing that I left out of the explanation that Iwrote
previously.
By far the easiest way to fuzz a conversation (request/response pair)
that you have already seen (i.e. is visible in the Summary), is to right
click on the conversation in the Summary, and select "Use as fuzz
template". Then switch to the Fuzzer, and you will see the conversation
already loaded into the interface.
Then it is easy to select which parameters you wish to fuzz, and the
fuzz sources that you want to use.
Hope this helps.
Rogan
-------------------------------------------------------------------------
Sponsored by: Watchfire
As web applications become increasingly complex, tremendous amounts of
sensitive data - personal, medical and financial - are exchanged, and
stored. Consumers expect and demand security for this information. This
whitepaper examines a few vulnerability detection methods - specifically
comparing and contrasting manual penetration testing with automated
scanning tools. Download "Automated Scanning or Manual Penetration
Testing?" today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008Vmm
--------------------------------------------------------------------------
