WebApp Sec
mailing list archives
Re: RE: Re: Webscarab how to?
From: f_kenisky () earthlink net
Date: 7 Jul 2006 17:03:56 -0000
Sorry about the first one; my fingers got ahead of the brain.
Ok I've read through the FUZZER thingly page. Not 100% clear but I've copied the text and made a few corrections.
As far as the fuzzer is concerned I want to use the RegEx and put in some stuff on one of the identified fields.
When I put in a few RegEx characters and add the description and then click add I get the following dialog box:
Error;
Invalid regular expression!
No wildcards permitted near index 0
?-6*0-?^
Not really sure what I'm trying to get with this cool regular expression but it really doesn't matter since the fuzz
won't take it.
After playing with the fuzzer I found an area (HTML) with a date field. MM dd YY. Three separate fields. I set up
three separate .txt files with MM dd & YY. The .txt file for the month included all 12 months (as numeric values) and
I also included a "-" and "*" just to see if the app would take that information.
Now I may be trying to do something that the Fuzzer wasn't intended to do so my apologies.
In essence the month.txt file had 36 separate variables, i.e. (01, 02, 03... -01, -02, -03... *01, *02, *03 etc.)
The html page I'm referring to had a beginning and ending date so I included both in the fuzz test and used the
month.txt file for each during the same test.
With a year.txt file containing 50+ years the fuzzer only fuzzed 36 (the number of months).
Hope I'm clear here as I got a feeling I'm confusing more people.
Thanks
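
An added example, not part of the original post and not WebScarab code: it shows why a pattern that starts with a quantifier is rejected (Python's `re` module stands in for whatever regex engine the fuzzer uses), rebuilds the 36-entry month list described above, and counts the requests two lists produce when walked in lockstep versus as a cross product. The lockstep pairing and the constructed 51-entry year list are assumptions made for illustration.

```python
import re
from itertools import product

REJECTED = "?-6*0-?^"            # the pattern from the error dialog in the post
ESCAPED = re.escape(REJECTED)    # same characters, treated as literals

def check_pattern(pattern):
    """Return None if the pattern compiles, otherwise the engine's error text."""
    try:
        re.compile(pattern)
        return None
    except re.error as exc:
        return str(exc)

def month_values():
    """01..12, then the same values prefixed with '-' and with '*' (36 entries)."""
    months = [f"{m:02d}" for m in range(1, 13)]
    return months + ["-" + m for m in months] + ["*" + m for m in months]

def request_counts(*lists):
    """Number of requests for lockstep pairing and for a full cross product."""
    lockstep = len(list(zip(*lists)))      # stops when the shortest list runs out
    cross = len(list(product(*lists)))     # every combination of every value
    return lockstep, cross

# Constructed sample data: 51 two-digit years (assumption, not from the post).
YEARS = [f"{y % 100:02d}" for y in range(1956, 2007)]

if __name__ == "__main__":
    # A leading '?' has nothing in front of it to quantify, so compilation fails.
    print("raw pattern    :", check_pattern(REJECTED))
    # Escaped, the metacharacters become literal text and the pattern compiles.
    print("escaped pattern:", check_pattern(ESCAPED))
    print("month entries  :", len(month_values()))
    print("lockstep/cross :", request_counts(month_values(), YEARS))
```

If the lists are consumed in lockstep, the shorter month list caps the run at 36 requests no matter how many years are supplied.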