OWASP JBroFuzz 0.4 added to SD security tools watch
JBroFuzz is a stateless network protocol fuzzer that emerged from the needs of penetration testing. Written in Java, it allows for the identification of certain classes of security vulnerabilities by creating malformed data and having the network protocol in question consume that data.
The purpose of this application is to provide a single, portable application that offers stable network protocol fuzzing capabilities. A number of frameworks as well as APIs exist for fuzzing; these require a certain skill level to understand and use, which often acts as a barrier when constrained by time.
The goal of the JBroFuzz project is straightforward: create a simple, easy-to-use, stable network fuzzer for stateless protocols. JBroFuzz aims to offer a wide range of fuzzing capabilities, as seen in the features below.
If you can’t fuzz with this version of JBroFuzz, you probably don’t want to fuzz!!
Ultimately, this goal helps raise awareness of fuzzing and of how it can be used to benchmark and assist in the security of applications using such protocols.
The current version (0.4) supports the ability to specify your own generators. By default, the following are included within the application:
- Basic cross site scripting (XSS) checks
- Basic SQL injection (SQL) checks
- Buffer overflow (BFO) checks
- Format string error (FSE) checks
- Integer overflow (INT) checks