Nmap Development mailing list archives
[NSE] http-form-fuzzer script
From: Peter O <perdo.olma () gmail com>
Date: Mon, 11 Jun 2012 01:11:48 +0200
Hi all,

This script attempts to fuzz fields in forms it detects (it fuzzes one field at a time). In each iteration it first tries to fuzz a field with a string, then with a number. In the output, actions and paths for which errors were observed are listed, along with the names of the fields that were being fuzzed when the error occurred. The length and type (string/integer) of the input that caused the error are also provided.

We consider an error to be either a response with status 500 or with an empty body, or a response that contains the strings "server error" or "sql error". ATM anything other than that is considered not to be an 'error'.

There is room for improvement; one idea would be to develop more sophisticated techniques that will let us determine whether the fuzzing was successful (i.e. we got an 'error'). Ideally, an algorithm that will tell us the percentage difference between responses should be implemented.

- Peter
Attachment: http-form-fuzzer.nse
Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
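The error oracle described in the post (status 500, empty body, or a body mentioning "server error" / "sql error") together with the suggested percentage-difference metric, as an added illustration that is not part of the attached script; the sample responses, the case-insensitive matching and the 30% threshold are assumptions of this example, and the difference is computed with difflib's similarity ratio.

```python
import difflib

# Strings whose presence marks an 'error' response, per the post
ERROR_MARKERS = ("server error", "sql error")


def is_error(status, body):
    """The post's oracle: HTTP 500, an empty body, or a body that mentions
    'server error' / 'sql error'. Case-insensitive matching is an assumption
    of this example."""
    if status == 500 or body == "":
        return True
    lowered = body.lower()
    return any(marker in lowered for marker in ERROR_MARKERS)


def difference_percent(baseline, body):
    """Percentage difference between two bodies, the metric the post suggests
    as an improvement; implemented here with difflib's similarity ratio."""
    ratio = difflib.SequenceMatcher(None, baseline, body).ratio()
    return round((1.0 - ratio) * 100.0, 1)


def classify(responses, baseline, threshold=30.0):
    """Return, per response, the fuzzed field, the input type and length the
    post reports, the oracle verdict and the difference from the baseline."""
    results = []
    for field, kind, length, status, body in responses:
        diff = difference_percent(baseline, body)
        results.append({
            "field": field, "type": kind, "length": length,
            "error": is_error(status, body),
            "diff_pct": diff, "diff_flag": diff >= threshold,
        })
    return results


# Constructed sample responses: (field, input type, input length, status, body)
BASELINE = "<html><body><h1>Search</h1><p>No results for your query.</p></body></html>"
SAMPLES = [
    ("q", "string", 8, 200, BASELINE),
    ("q", "string", 1024, 500, "<html><body>Internal Server Error</body></html>"),
    ("user", "integer", 12, 200, ""),
    ("user", "string", 64, 200, "<html><body><pre>SQL error near line 1</pre></body></html>"),
    # Changed page the oracle misses: only the difference metric notices it
    ("user", "string", 256, 200, "<html><body><h1>Search</h1><p>Your query was too long.</p></body></html>"),
]

if __name__ == "__main__":
    for result in classify(SAMPLES, BASELINE):
        print(result)
```

The last sample shows the gap the post points at: the fixed-string oracle reports no error, while the difference metric still registers that the response changed.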