JBroFuzz v1.8 released
The components of JBroFuzz are all integrated into a single window and can be accessed through individual tabs. These tabs are:
- The fuzzing tab is the main tab of JBroFuzz, responsible for all fuzzing operations performed over the network. Depending on the fuzzer payloads selected, it creates the malformed data for each request, puts it on the wire and writes the response to a file.
- The graphing tab is responsible for graphing (in a variety of forms) the responses received while fuzzing. This tab can offer a clear indication of a response that is different then the rest received, an indication of further examination being required.
- The payloads tab is a collection of fuzzers with their corresponding payloads that can be used while fuzzing. Payloads are added to the request in the fuzzing tab; a more clear view of what payloads are available, how they are grouped and what properties each fuzzer has can be seen in this tab.
- The headers tab is a collection of browser headers that can be used while fuzzing. Headers are obtained from different browsers on different platforms and operating systems. This tab is provided, as many web applications respond differently to different browser impersonation attacks.
- The system tab represents the logging console of JBroFuzz at runtime. Here you can access java runtime information, see any errors that might occur and also track operation in terms of events being logged.
JBroFuzz is written in Java and requires a 1.6 JRE/JDK (or higher) installed, to run. It is constituted of less than 70 classes, using, in total, 10 external libraries. It builds under Apache Ant.
Update submitted by Sebastien Gioria (OWASP French Chapter Leader)