RE: WebScarab Fuzzer

[<Holger.Peine () iese fraunhofer de>]

> Is there a better tutorial on how to use the WebScarab Fuzzer 
> than this:
[...]
> I'm on a project where this feature will be of great use to me. 

Jason, while WebScarab is a fine tool, in particular regarding
the fuzzer I found its competitor Burp to be both easier to use
and more powerful: http://portswigger.net/intruder/

Note that Burp is not open source, and the full version of Burp
Intruder must be purchased at a moderate price, but the fuzzing
mechanism (in contrast to the lists of attack strings you might
want to try on an application) is contained in the free demo version.

I'm sure that WebScarab will catch up, though -
Holger.

-- 
Dr. Holger Peine, Security and Safety
Fraunhofer IESE, Fraunhofer-Platz 1, 67663 Kaiserslautern, Germany
Phone +49-631-6800-2134, Fax -1299 (shared)
PGP key via http://pgp.mit.edu ; fingerprint is 1BFA 30CB E3ED BA99 E7AE
2BBB C126 A592 48EA F9F8

-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire's AppScan is the industry's first and leading web application
security testing suite, and the only solution to provide comprehensive
remediation tasks at every level of the application. Change the way you
think about application security testing - See for yourself.
Download a Free Trial of AppScan 6.0 today!

https://www.watchfire.com/securearea/appscansix.aspx?id=701300000007kaF
--------------------------------------------------------------------------