Skip to content

catenacyber/webfuzz

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

webfuzz

This is a fuzzer against web applications. It uses request URI and response to infer some coverage to guid fuzzing It uses libFuzzer extra counters

Utils

  • Pcap2corp : takes a pcap as input and extracts a seed corpus out of it (ie the HTTP requests)
  • stringdict : parses a Go file and extract the constant strings out of them to generate a libFuzzer dictionary

TODOs

  • use the replies to infer URIs and parameters (ie add them to the dictionary) ie crawling capabilities
  • have a flexible way to get more valid requests (ie less fuzzing of the HTTP protocol, and the json parser...)
  • find duplicate coverage (ie if uri /foo/bar, /foo/baz and /foo/whatever are aliases to the same code)
  • create an authenticated session (without needing to reuse the cookie from the seed corpus)

About

No description, website, or topics provided.

Resources

License

Stars

29 stars

Watchers

2 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages