Jump to content
daatdraqq

Firefuzzer

Recommended Posts

Posted

Description: Firefuzzer is a penetration testing tool. The aim of the fuzzer is to discover unknown vulnerabilities in web applications. As per the requirement of the Project Proposal, the FireFuzzer application would be executed from the Command Prompt. It has two major modules: 1)Buffer Overflow 2)Cross Site Scripting (XSS)

In the case of Buffer Overflow module, Firefuzzer creates random, possibly invalid text String and inserts into html input textboxes. All the Forms present on the given page are then submitted one after the other and appropriate look-up is performed for the status code response. Warnings are given for specific HTTP Codes. For a normal web page which loads properly without any error, HTTP Status Code 200 is sent as a response which means OK. HTTP Status Code 500 series of errors indicate exceptions caused at the Server End.

In the case of Cross-Site Scripting module, Firefuzzer will also target SQL injections where SQL commands are injected into the Login form component. Attacker can also effectively insert code and modify SQL command. These commands are then passed to Server end. Again, Look-ups are performed for the status code response and appropriate warnings are issued.

Download: firefuzzer - A Penetration Testing tool intended to find vulnerabilities in Web Pages especially Buffer Overflow and XSS - Google Project Hosting

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...