full-disclosure-uk January 2010 archive

[Full-disclosure] Browser Fuzzer 3

From: Krakow Labs <krakowlabs_at_nospam>
Date: Sat Jan 16 2010 - 05:22:13 GMT
To: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk, fuzzing@whitestar.linuxbox.org


Browser Fuzzer 3, or bf3, is a comprehensive web browser fuzzer.

  • Fuzzes CSS, DOM, HTML, JavaScript and XML
  • Attended and Unattended Fuzzing Modes
  • 7th Generation Fuzzing Oracle
  • Random Data Generator
  • Mutation Fuzzing Engine

Browser Fuzzer 3 is designed as a hybrid framework/standalone fuzzer; the modules it uses are extendable but also highly integrated into the core.

bf3 can be used via the command line to set all necessary flags for each fuzzing operation. After initialization, bf3 creates test cases in a numbered system. Fuzzing is automated through the browser using the refresh method. If an error is detected, server logs can provide insight into the offending test case.

http://www.krakowlabs.com/dev.html for binary, source code, demonstration video and more.

~KL



Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
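The log-triage step the announcement describes (numbered test cases, refresh-driven loading, server logs pointing at the offending case), as an added example that is not part of the original post and is not bf3's own code. It assumes test cases are served as `/<number>.html` and logged in common log format; the function names, the stall threshold and the log lines are all constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed access-log lines in common log format (not real bf3 output).
# Assumption: each numbered test case is served as /<number>.html.
SAMPLE_LOG = """\
192.0.2.10 - - [16/Jan/2010:05:30:01 +0000] "GET /1.html HTTP/1.1" 200 812
192.0.2.10 - - [16/Jan/2010:05:30:03 +0000] "GET /2.html HTTP/1.1" 200 790
192.0.2.10 - - [16/Jan/2010:05:30:05 +0000] "GET /3.html HTTP/1.1" 200 1024
192.0.2.10 - - [16/Jan/2010:05:31:40 +0000] "GET /4.html HTTP/1.1" 200 655
192.0.2.10 - - [16/Jan/2010:05:31:42 +0000] "GET /5.html HTTP/1.1" 200 701
192.0.2.77 - - [16/Jan/2010:05:31:43 +0000] "GET /favicon.ico HTTP/1.1" 404 0
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "GET /(\d+)\.html[^"]*" (\d{3}) ')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse(log_text):
    """Yield (client, timestamp, case_number) for served test-case requests."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(4) == "200":
            yield m.group(1), datetime.strptime(m.group(2), TS_FMT), int(m.group(3))


def suspect_cases(log_text, stall=timedelta(seconds=30)):
    """Map each client to the test cases after which the refresh chain broke.

    A case is a suspect if the next request from the same client came much
    later than the refresh interval ("stall", e.g. the browser was restarted)
    or if it is the last case that client ever requested ("last").
    The stall threshold must be set above the refresh interval in use.
    """
    by_client = {}
    for client, when, case in parse(log_text):
        by_client.setdefault(client, []).append((when, case))
    suspects = {}
    for client, hits in by_client.items():
        hits.sort()
        found = [(case, "stall")
                 for (t0, case), (t1, _) in zip(hits, hits[1:]) if t1 - t0 > stall]
        found.append((hits[-1][1], "last"))
        suspects[client] = found
    return suspects


if __name__ == "__main__":
    for client, cases in suspect_cases(SAMPLE_LOG).items():
        print(client, cases)
```

A "last" entry is only a candidate: it also appears when a run finishes normally, so it needs to be compared against the highest test-case number that was generated.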