
webfuzz

public
29 stars
6 forks
0 issues

Commits

List of commits on branch main.

cf4bc26d18b6170098906e11d88dae7eab390655  README  (ccatenacyber, 4 years ago, unverified)
3da608fa93f0ba1b9f6c04396373308cab996290  Exclude imports from stringdict  (ccatenacyber, 4 years ago, unverified)
fb27c0c39e74860274f46e8c7a3a52f0dfc6e158  Dictionary creator util  (ccatenacyber, 4 years ago, unverified)
f2e1e730ff82b6b652d6737f31fc42adad3a32eb  pcap 2 corpus  (ccatenacyber, 4 years ago, unverified)
7fb88b3583f27607172840cc1d129a6da265b81e  Corpus printer  (ccatenacyber, 4 years ago, unverified)
c1f32f45ebfafbf2931d224f9b11f4a76c532692  fixup  (ccatenacyber, 4 years ago, unverified)

README


webfuzz

webfuzz is a fuzzer for web applications. Instead of relying on instrumentation of the target, it uses the request URI and the response it gets back to infer a coarse coverage signal, and feeds that signal to libFuzzer through its extra counters mechanism, so inputs that reach a new URI/response combination are kept in the corpus.
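
The feedback loop described above, as an added example that is not webfuzz's own code. It assumes a fixed array of 8-bit counters indexed by a hash of request method, URI path and response status code; how webfuzz itself derives its counter indices is not stated on this page. The array stands in for the one libFuzzer would pick up from the `__libfuzzer_extra_counters` section, and the request/response pairs are constructed for the example.

```go
package main

import (
	"bufio"
	"fmt"
	"hash/fnv"
	"net/http"
	"strings"
)

// Assumed mechanism, not webfuzz's own code: a fixed array of 8-bit
// counters indexed by a hash of (method, URI path, status code). Under
// libFuzzer the same array would be placed in the __libfuzzer_extra_counters
// section so the engine treats hits as coverage; here it is a plain Go
// array so the example runs stand-alone.
const numCounters = 1 << 16

type WebCoverage struct {
	counters [numCounters]uint8
	seen     [numCounters]bool
}

// Exchange is one raw HTTP request and the raw response it produced.
type Exchange struct {
	Request, Response string
}

// featureIndex derives the counter slot. The query string is dropped so
// /search?q=a and /search?q=b share one slot, while a different status
// code for the same path (200 vs 500) gets its own slot.
func featureIndex(method, path string, status int) uint32 {
	h := fnv.New32a()
	fmt.Fprintf(h, "%s %s %d", method, path, status)
	return h.Sum32() % numCounters
}

// Observe parses one exchange, bumps its counter and reports whether the
// slot was hit for the first time, i.e. whether the input is worth keeping.
func (c *WebCoverage) Observe(ex Exchange) (bool, error) {
	req, err := http.ReadRequest(bufio.NewReader(strings.NewReader(ex.Request)))
	if err != nil {
		return false, err
	}
	resp, err := http.ReadResponse(bufio.NewReader(strings.NewReader(ex.Response)), req)
	if err != nil {
		return false, err
	}
	resp.Body.Close()
	idx := featureIndex(req.Method, req.URL.Path, resp.StatusCode)
	c.counters[idx]++
	fresh := !c.seen[idx]
	c.seen[idx] = true
	return fresh, nil
}

// NewFeatures replays a corpus and returns the exchanges that hit new slots.
func NewFeatures(corpus []Exchange) ([]Exchange, error) {
	var c WebCoverage
	var kept []Exchange
	for _, ex := range corpus {
		fresh, err := c.Observe(ex)
		if err != nil {
			return nil, err
		}
		if fresh {
			kept = append(kept, ex)
		}
	}
	return kept, nil
}

// Constructed sample exchanges (not captured traffic).
var sampleCorpus = []Exchange{
	{"GET /login HTTP/1.1\r\nHost: app.test\r\n\r\n", "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"},
	{"GET /login?next=%2Fadmin HTTP/1.1\r\nHost: app.test\r\n\r\n", "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"},
	{"GET /login HTTP/1.1\r\nHost: app.test\r\n\r\n", "HTTP/1.1 500 Internal Server Error\r\nContent-Length: 0\r\n\r\n"},
	{"POST /login HTTP/1.1\r\nHost: app.test\r\nContent-Length: 0\r\n\r\n", "HTTP/1.1 302 Found\r\nLocation: /\r\nContent-Length: 0\r\n\r\n"},
}

func main() {
	kept, err := NewFeatures(sampleCorpus)
	if err != nil {
		panic(err)
	}
	for _, ex := range kept {
		fmt.Printf("new coverage: %q\n", strings.SplitN(ex.Request, "\r\n", 2)[0])
	}
}
```

Of the four sample exchanges, the second is discarded because only the query string differs from the first, while the 500 and the POST each open a new slot. Dropping the query string is the coarse part of the signal: it is what keeps the fuzzer from treating every mutated parameter value as new coverage.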

Utils

  • Pcap2corp : takes a pcap as input and extracts a seed corpus out of it (i.e. the HTTP requests it contains)
  • stringdict : parses a Go file and extracts the constant strings it contains (import paths excluded) to generate a libFuzzer dictionary
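
What the stringdict util does, as an added example that is not the project's own code: walk the Go AST, collect string literals, skip the import paths (the behaviour the "Exclude imports from stringdict" commit describes), and print them in libFuzzer/AFL dictionary syntax. The sample source being parsed is constructed for the example.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"sort"
	"strconv"
	"strings"
)

// ExtractStrings parses Go source and returns the distinct string literal
// values it contains, skipping import paths: "net/http" never appears in
// an HTTP message, so it would only waste mutations.
func ExtractStrings(src string) ([]string, error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, "input.go", src, 0)
	if err != nil {
		return nil, err
	}
	seen := map[string]bool{}
	var out []string
	ast.Inspect(f, func(n ast.Node) bool {
		switch x := n.(type) {
		case *ast.ImportSpec:
			return false // do not descend into the import path literal
		case *ast.BasicLit:
			if x.Kind != token.STRING {
				return true
			}
			val, err := strconv.Unquote(x.Value) // handles both "..." and `...`
			if err != nil || val == "" || seen[val] {
				return true
			}
			seen[val] = true
			out = append(out, val)
		}
		return true
	})
	sort.Strings(out)
	return out, nil
}

// DictEntry renders one value in libFuzzer/AFL dictionary syntax: a quoted
// string in which backslash and double quote are escaped and any byte
// outside printable ASCII is written as \xHH.
func DictEntry(val string) string {
	b := []byte{'"'}
	for i := 0; i < len(val); i++ {
		c := val[i]
		switch {
		case c == '\\' || c == '"':
			b = append(b, '\\', c)
		case c < 0x20 || c > 0x7e:
			b = append(b, fmt.Sprintf("\\x%02x", c)...)
		default:
			b = append(b, c)
		}
	}
	return string(append(b, '"'))
}

// Dictionary returns the whole dictionary, one entry per line.
func Dictionary(src string) (string, error) {
	vals, err := ExtractStrings(src)
	if err != nil {
		return "", err
	}
	var sb strings.Builder
	for _, v := range vals {
		sb.WriteString(DictEntry(v))
		sb.WriteByte('\n')
	}
	return sb.String(), nil
}

// Constructed sample (not from a real project): a minimal Go HTTP handler.
const sampleSource = `package api

import (
	"net/http"
	"encoding/json"
)

const sessionCookie = "session_id"

func handler(w http.ResponseWriter, r *http.Request) {
	if r.Header.Get("X-Api-Key") != "sup3r-secret" {
		w.WriteHeader(404)
		return
	}
	json.NewEncoder(w).Encode(map[string]string{"status": "ok\n"})
}
`

func main() {
	dict, err := Dictionary(sampleSource)
	if err != nil {
		panic(err)
	}
	fmt.Print(dict)
}
```

For the sample source this yields the header name, the API key, the cookie name and the JSON key, with the trailing newline of "ok\n" escaped as \x0a, and neither import path. Feeding the result to libFuzzer with -dict= lets the mutator splice in exactly the tokens the application compares against.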

TODOs

  • use the replies to infer URIs and parameters (i.e. add them to the dictionary), which amounts to crawling capabilities
  • have a flexible way to get more valid requests (i.e. less fuzzing of the HTTP protocol itself and of the JSON parser...)
  • find duplicate coverage (i.e. detect that /foo/bar, /foo/baz and /foo/whatever are aliases for the same code)
  • create an authenticated session (without needing to reuse the cookie from the seed corpus)