Fuzzer is a tool used by security professionals (and professional hackers :) to test a parameter of an application. Typical fuzzers test an application for buffer overflows, format string vulnerabilities, and error handling. More advanced fuzzers incorporate functionality to test for directory traversal attacks, command execution vulnerabilities, SQL Injection and Cross Site Scripting vulnerabilities. Web Vulnerability scanners typically perform all of this functionality, and can be considered an advanced fuzzer.
Kinds of Fuzzer
1. Simple Fuzzer
Simple Fuzzer is created for certain application and certain protocol.
2 Modular Fuzzer
Modular fuzzer gives more customizing to test applications. This fuzzer is framework that give more chance to define kind of data, number of data, protocol, etc. E.g. : SPIKE (Python based), Peach Fuzzer (Perl based), and Fuzzled (Perl based).
3. Advanced Fuzzer
Advanced Fuzzer have more feature than the other two. Feature is developed from any bugs in the other fuzzers, e.g. Sulley having ability to do "target monitoring".
Kinds of Fuzzer
1. Simple Fuzzer
Simple Fuzzer is created for certain application and certain protocol.
2 Modular Fuzzer
Modular fuzzer gives more customizing to test applications. This fuzzer is framework that give more chance to define kind of data, number of data, protocol, etc. E.g. : SPIKE (Python based), Peach Fuzzer (Perl based), and Fuzzled (Perl based).
3. Advanced Fuzzer
Advanced Fuzzer have more feature than the other two. Feature is developed from any bugs in the other fuzzers, e.g. Sulley having ability to do "target monitoring".
0 komentar:
Post a Comment