WebApp Sec mailing list archives
RE: WebScarab Fuzzer
From: <Holger.Peine () iese fraunhofer de>
Date: Mon, 12 Jun 2006 08:46:37 +0200
Is there a better tutorial on how to use the WebScarab Fuzzer than this:
[...]
I'm on a project where this feature will be of great use to me.
Jason, while WebScarab is a fine tool, in particular regarding the fuzzer I found its competitor Burp to be both easier to use and more powerful:

http://portswigger.net/intruder/

Note that Burp is not open source, and the full version of Burp Intruder must be purchased at a moderate price, but the fuzzing mechanism (in contrast to the lists of attack strings you might want to try on an application) is contained in the free demo version.

I'm sure that WebScarab will catch up, though - Holger.

--
Dr. Holger Peine, Security and Safety
Fraunhofer IESE, Fraunhofer-Platz 1, 67663 Kaiserslautern, Germany
Phone +49-631-6800-2134, Fax -1299 (shared)
PGP key via http://pgp.mit.edu ; fingerprint is 1BFA 30CB E3ED BA99 E7AE 2BBB C126 A592 48EA F9F8