
Tuesday, January 20, 2009

[TOOL] Browser Fuzzer

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

Browser Fuzzer
------------------------------------------------------------------------


SUMMARY

DETAILS

Browser Fuzzer 2 (bf2) is a comprehensive web browser fuzzer that fuzzes
CSS, DOM, HTML and JavaScript.

How does it work?
BF2 takes command line options that define the output of the fuzzing
web pages and which phase the user would like to fuzz. BF2 then
generates the pages via custom functions that take the required format,
the tag or function being fuzzed, and data from the fuzzing oracle, and
assemble them so that the web browser can interpret the content. One by
one, BF2 outputs each unique fuzzing page. To keep the process
automated, refresh code is also embedded in each fuzzing page so that
the browser jumps from one page to the next after processing each
page's content.

Example Fuzzing Web Page (html40.html):
<html>
<head><meta http-equiv="refresh" content="1; url=html41.html"></head>
<body alink="%.2049d">
</body>
</html>
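The page-generation scheme described above, as an added Python sketch (not bf2's own Perl code): one fuzz value per page, placed in a chosen attribute, with a meta refresh chaining each page to the next. The fuzz values, file-name scheme and function names are illustrative assumptions.

```python
import html

# Constructed sample values in the spirit of the page's "%.2049d" example:
# printf-style format strings and oversized attribute values. bf2 draws such
# data from its fuzzing oracle; this short list only illustrates the idea.
FUZZ_VALUES = [
    "%.2049d",
    "%s" * 64,
    "A" * 4096,
    "-1",
    "4294967295",
]


def fuzz_page(tag, attr, value, next_page):
    """Build one fuzz page. The value is kept inside the attribute (quotes
    escaped) so the test exercises the attribute value, and a one-second
    refresh chains to next_page; the last page gets no refresh."""
    refresh = ""
    if next_page:
        refresh = f'<meta http-equiv="refresh" content="1; url={next_page}">'
    return (
        "<html>\n"
        f"<head>{refresh}</head>\n"
        f'<{tag} {attr}="{html.escape(value, quote=True)}">\n'
        f"</{tag}>\n"
        "</html>\n"
    )


def generate_chain(tag, attr, values, prefix="html", start=40):
    """Return {filename: page_html} for every value, numbered from `start`
    (html40.html, html41.html, ...) so each page refreshes to the next one."""
    names = [f"{prefix}{start + i}.html" for i in range(len(values))]
    pages = {}
    for i, value in enumerate(values):
        next_page = names[i + 1] if i + 1 < len(names) else None
        pages[names[i]] = fuzz_page(tag, attr, value, next_page)
    return pages


if __name__ == "__main__":
    # Writes the chain to the current directory; open html40.html to run it.
    for name, content in generate_chain("body", "alink", FUZZ_VALUES).items():
        with open(name, "w", encoding="utf-8") as fh:
            fh.write(content)
```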


ADDITIONAL INFORMATION

The information has been provided by Krakow Labs <krakowlabs@gmail.com>.
The original article can be found at:
http://www.krakowlabs.com/dev/fuz/bf2/bf2_doc.txt
To keep updated with the tool visit the project's homepage at:
http://www.krakowlabs.com/dev/fuz/bf2/bf2.pl.txt
