Home page logo
/

nmap-dev logo Nmap Development mailing list archives

[NSE] http-form-fuzzer script
From: Peter O <perdo.olma () gmail com>
Date: Mon, 11 Jun 2012 01:11:48 +0200

Hi all,

this script attempts to fuzz fields in forms it detects (it fuzzes one
field at a time). In each iteration it first tries to fuzz a field
with a string, then with a number. In the output, actions and paths
for which errors were observed are listed, along with names of fields
that were being fuzzed during error occurrence. Length and type
(string/integer) of the input that caused the error are also provided.
We consider an error to be either: a response with status 500 or with
an empty body, a response that contains "server error" or "sql error"
strings. ATM anything other than that is considered not to be an
'error'.
There is room for improvement, one idea would be to develop more
sophisticated techniques that will let us determine if the fuzzing was
successful (i.e. we got an 'error'). Ideally, an algorithm that will
tell us a percentage difference between responses should be
implemented.


- Peter

Attachment: http-form-fuzzer.nse
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]