WebApp Sec mailing list archives
Re: Webscarab how to?
From: Rogan Dawes <discard () dawes za net>
Date: Sat, 01 Jul 2006 16:46:30 +0200
Jezebel Ali wrote:
Greetings, This question has been asked before and, true, there is not much information available. Please first look here: http://seclists.org/lists/webappsec/2006/Apr-Jun/0401.html After you read it, it is clear that the fuzzer requires a text file for filling in details. For this you need to download the jar file from the link above and find two files, "sql" and "xss". Although not well documented, WebScarab is a very comprehensive tool and I think it is being rebuilt. Sorry for my bad English. Kind regards, Jez
Thanks for responding, Jez. There is one thing that I left out of the explanation that I wrote previously.
By far the easiest way to fuzz a conversation (request/response pair) that you have already seen (i.e. is visible in the Summary), is to right click on the conversation in the Summary, and select "Use as fuzz template". Then switch to the Fuzzer, and you will see the conversation already loaded into the interface.
Then it is easy to select which parameters you wish to fuzz, and the fuzz sources that you want to use.
Hope this helps.

Rogan