Presentation:

Browser Fuzzer 3, or bf3, is a comprehensive web browser fuzzer. It is designed as a hybrid framework/standalone fuzzer: the modules it uses are extendable but also highly integrated into the core. bf3 is driven from the command line, where all necessary flags for each fuzzing operation are set. After initialization, bf3 creates test cases in a numbered system. Fuzzing is automated through the browser using the refresh method. If an error is detected, the server logs can provide insight into the offending test case.

- Fuzzes CSS, DOM, HTML, JavaScript and XML
- Attended and Unattended Fuzzing Modes
- 7th Generation Fuzzing Oracle
- Random Data Generator
- Mutation Fuzzing Engine

USAGE: ./bf3 -Z -X file.ext -x extra.html -P /www/
INFO: -T Fuzzing Oracle, -D Modules Available

    -M  target module
    -A  attended fuzzing mode (dom/js only)
    -U  unattended fuzzing mode
    -O  use the fuzzing oracle
    -R  use random generation
    -Z  max number of bytes (random generation)
    -X  file to parse for mutation
    -x  extra file for mutation (css/xml only)
    -P  test case output directory (full path)
    -T  list fuzzing oracle
    -D  list modules available

Modules Available:

    1  Cascading Style Sheets (CSS)
    2  Document Object Model (DOM)
    3  HyperText Markup Language (HTML)
    4  JavaScript (JS)
    5  Extensible Markup Language (XML)

Example Usage:

Fuzz JavaScript in Unattended Mode with the Fuzzing Oracle and output test cases to /var/www:

    ./bf3 -M 3 -U -O -P /var/www

Fuzz DOM in Attended Mode with Random Data up to 10,000 bytes and output 10,000 test cases to /var/www/dom:

    ./bf3 -M 2 -A -R 10000 -Z 10000 -P /var/www/dom

Fuzz CSS by mutating file.css with Random Data up to 100,000 bytes (default) and use file.html to display the data, output to /var/www/cssm (total number of test cases: 100 x number of characters in file.css):

    ./bf3 -M 1 -U -R 100 -X /home/linux/bf3/samples/css/style.css -x /home/linux/bf3/samples/css/bmgsec.html -P /www/css

Fuzz JavaScript in Unattended Mode by generating 1,000,000 random test cases and output to /var/www/js:

    ./bf3 -M 4 -U -R 1000000 -P /var/www/js

Fuzz XML in Unattended Mode with Random data and output 100,000 test cases to /var/www/xml:

    ./bf3 -M 5 -U -R 100000 -P /var/www/xml

If you notice an anomaly in the target while it is processing test cases, and you have access to the logs on the server hosting them, you can do the following to work out which test case to save and research further:

    fuzz@linux$ grep -i chrome /var/log/apache2/access.log | tail -1
    10.10.1.111 - - [09/Jan/2010:09:54:54 -0500] "GET /xml1/xml334761.html HTTP/1.1" 200 756 "http://10.10.1.110/xml1/xml334760.html" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.38 Safari/532.0"

Misc Notes:

- Attended mode fuzzes things that may need attention (a click of the mouse, etc.), like JS alert and prompt.
- During all fuzzing generation except mutation, -R sets the number of test cases. During mutation, the number of test cases is -R x the number of characters in the target file.
- When using mutation, make sure you remove from the extra file any data that would conflict with the automated fuzzing process.
- When mutation fuzzing XML, you must make sure the xml variable's name is Document. Replace the var in the extra file with Document to make things work correctly.
- This could be the first project to go from C (bf) to Perl (bf2) and back to C again (bf3).

See Krakow Labs Development for binary, source code, demonstration video and more.
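The log lookup described above, as an added example that is not part of bf3 or the original post: it parses Apache combined-format lines and reports, per client, the last numbered test case a given browser fetched, skipping non-test-case requests such as favicon.ico that a plain `grep | tail -1` could return instead. The sample log is constructed around the entry quoted above; the function name, the `.html` suffix filter, the second client and the `js000041.html` file name are assumptions.

```python
import re

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
COMBINED = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"\S+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

CHROME = ("Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 "
          "(KHTML, like Gecko) Chrome/3.0.195.38 Safari/532.0")
FIREFOX = "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.6) Gecko/20091215 Firefox/3.5.6"
BASE = "http://10.10.1.110"
T = "09/Jan/2010:09:54"

# Constructed sample log; the third entry is the one quoted in the text above.
SAMPLE_LOG = "\n".join([
    f'10.10.1.111 - - [{T}:53 -0500] "GET /xml1/xml334760.html HTTP/1.1" 200 751 '
    f'"{BASE}/xml1/xml334759.html" "{CHROME}"',
    f'10.10.1.112 - - [{T}:53 -0500] "GET /js/js000041.html HTTP/1.1" 200 512 '
    f'"{BASE}/js/js000040.html" "{FIREFOX}"',
    f'10.10.1.111 - - [{T}:54 -0500] "GET /xml1/xml334761.html HTTP/1.1" 200 756 '
    f'"{BASE}/xml1/xml334760.html" "{CHROME}"',
    f'10.10.1.111 - - [{T}:55 -0500] "GET /favicon.ico HTTP/1.1" 404 210 "-" "{CHROME}"',
    "truncated or malformed line",
])

def last_test_cases(log_text, agent_substr, suffix=".html"):
    """Map client IP -> (last test case fetched, referer, timestamp).

    The referer is the previous test case, which completed its refresh;
    the returned path is the one the browser was processing when requests stopped.
    """
    needle = agent_substr.lower()          # case-insensitive, like grep -i
    last = {}
    for line in log_text.splitlines():
        m = COMBINED.match(line)
        if not m or needle not in m["agent"].lower():
            continue                       # malformed line or another browser
        if not m["path"].endswith(suffix):
            continue                       # favicon and other non-test-case requests
        last[m["host"]] = (m["path"], m["referer"], m["time"])
    return last

if __name__ == "__main__":
    for host, (path, referer, when) in last_test_cases(SAMPLE_LOG, "chrome").items():
        print(f"{host}: last fetched {path} at {when} (previous: {referer})")
```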
Latest articles from the site "Jeremy's Computer Security Blog":
- What did they fix
- Adobe Flash Temporary Filename Scheme
- Reverse Engineering File Formats
- Browser Fuzzer 3
- Writing Code that Breaks Code
- Mozilla Code sighs
- From Static Analysis to 0day Exploit
- Some vendors are 'unconcerned'
- Firefox Local Download Manager Vulnerability
- Desktop Management Interface DMI