HackDig : Dig high-quality web security articles for hackers

Java Bugs with and without Fuzzing – AFL-based Java fuzzers and the Java Security Manager

In the last half year I have been doing some fuzzing with AFL-based Java fuzzers, namely Kelinci and JQF. I didn't really work with java-afl. The contents of this post are: Various AFL-based Java fuzzers are available that can be used to find more or less severe security issues. By combining these with sanitizers provided by the Java Security Manager
Publish At:2019-09-19 18:20 | Read:58 | Comments:0 | Tags:Fuzzing AFL Apache fuzzing Java Java security manager JQF Ke

DeepState Now Supports Ensemble Fuzzing

by Alan Cao, Francis Lewis High School, Queens, NY. We are proud to announce the integration of ensemble fuzzing into DeepState, our unit-testing framework powered by fuzzing and symbolic execution. Ensemble fuzzing allows testers to execute multiple fuzzers with varying heuristics in a single campaign, while maintaining an architecture for synchronizing gene
Publish At:2019-09-19 16:00 | Read:92 | Comments:0 | Tags:Fuzzing Internship Projects

Automating Web Apps Input fuzzing via Burp Macros

Hi Readers, this article is about Burp Suite Macros, which help automate the effort of manual input-payload fuzzing. While it may be known to many testers, this article is written for those who have yet to harness the power of Burp Suite's macro automation. In my penetration testing career so far, while performing fuzzing of parameters and page fiel
Publish At:2017-09-03 05:00 | Read:3242 | Comments:0 | Tags:Knowledge-base OWASP SecureLayer7 Lab burp suite fuzzing inp

american fuzzy lop – Security Oriented Fuzzing Tool

American fuzzy lop is a security-oriented fuzzing tool that employs a novel type of compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the targeted binary. This substantially improves the functional coverage for the fuzzed code. The compact synthesized corpora produc
Publish At:2015-11-20 20:50 | Read:2073 | Comments:0 | Tags:Hacking Tools Programming afl afl fuzzing afl-fuzz afl-fuzze

0d1n – Web HTTP Fuzzing Tool

0d1n is an open source web HTTP fuzzing tool and bruteforcer; its objective is to automate exhaustive tests and search for anomalies (you know, vulnerabilities). 0d1n can increase your productivity when fuzzing web parameters, files, directories, forms and other things. 0d1n is written in C and uses libcurl for performance. Features: some of the features of 0d1n ar
Publish At:2015-11-09 14:25 | Read:2712 | Comments:0 | Tags:Hacking Tools Web Hacking 0d1n auth fuzzing fuzzing fuzzing-

[IRCCloud] History and Another XSS Bug Bounty

Personally, I have been a user of IRC since 2004 on some private networks and some other well-known ones such as Freenode. However, it was always inconvenient to have to set up an IRC Bouncer, so when IRCCloud came around, I was excited to try it and see if it provided me with a method of staying connected to all the required networks without having to downl
Publish At:2015-10-14 11:40 | Read:2897 | Comments:0 | Tags:fuzzing infosec pentesting pentura security Software Vulnera

Fuzzing for Fun and Profit

So as you do, I was just looking around, manually fuzzing some WebSocket requests, seeing if I could get any sort of XSS, Remote IRC Command Injection or SQLi mainly; it ended up that I didn't find much there that was worth noting. So I started seeing if their logic was all alright, so one of their requests looked similar to: {"_reqid":1234, "cid":5678, "t
Publish At:2015-10-13 17:40 | Read:2716 | Comments:0 | Tags:exploitation fuzzing infosec pentesting pentura security Sof

Dharma – Generation-based Context-free Grammar Fuzzing Tool

Dharma is a tool used to create test cases for fuzzing of structured text inputs, such as markup and script. It takes a custom high-level grammar format as input and produces random well-formed test cases as output, so it can be used as a grammar fuzzing tool. API programming is complex, and subtle programming mistakes in new code can introduce annoying c
Publish At:2015-07-20 18:20 | Read:2509 | Comments:0 | Tags:Exploits/Vulnerabilities Hacking Tools Programming api fuzze
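The entry above describes generation-based grammar fuzzing: a grammar in, random well-formed test cases out. The following is an added illustration, not Dharma's code and not its grammar format. It assumes a constructed toy markup grammar (dict keys are nonterminals, every other string is a terminal) and adds a depth limit of its own: once the budget is spent, only the cheapest alternatives are chosen, which keeps recursive rules such as `content -> content content` from running away. Tag names are fixed inside each alternative so the language stays context-free and every derivation is well-formed XML, which `well_formed` checks with `xml.etree`.

```python
import random
import xml.etree.ElementTree as ET
from typing import Dict, List, Sequence

Grammar = Dict[str, List[Sequence[str]]]

# Constructed toy grammar for a tiny markup language (not Dharma's format).
# Dict keys are nonterminals; any other string in an alternative is a terminal
# emitted verbatim.
MARKUP: Grammar = {
    "document": [["element"]],
    "element": [
        ["<b>", "content", "</b>"],
        ["<i>", "content", "</i>"],
        ["<p>", "content", "</p>"],
        ['<a href="', "url", '">', "content", "</a>"],
    ],
    "content": [["text"], ["element"], ["content", "content"], ["text", "element", "text"]],
    "text": [["hello"], ["world"], ["42"], ["fuzz"], [""]],
    "url": [["http://example.invalid/"], ["javascript:void(0)"], ["/", "text"]],
}


def min_costs(grammar: Grammar) -> Dict[str, int]:
    """Size of the cheapest derivation of every nonterminal (fixed-point iteration).

    Used to force termination: past the depth budget only the cheapest
    alternatives are taken, so each recursive nonterminal still bottoms out.
    """
    cost: Dict[str, float] = {nt: float("inf") for nt in grammar}
    changed = True
    while changed:
        changed = False
        for nt, alts in grammar.items():
            for alt in alts:
                c = 1 + sum(cost[s] if s in grammar else 1 for s in alt)
                if c < cost[nt]:
                    cost[nt], changed = c, True
    stuck = [nt for nt, c in cost.items() if c == float("inf")]
    if stuck:
        raise ValueError(f"nonterminals can never terminate: {stuck}")
    return {nt: int(c) for nt, c in cost.items()}


def generate(grammar: Grammar, start: str, rng: random.Random, max_depth: int = 8) -> str:
    """One random derivation from `start`, depth-limited via min_costs."""
    cost = min_costs(grammar)

    def alt_cost(alt: Sequence[str]) -> int:
        return 1 + sum(cost[s] if s in grammar else 1 for s in alt)

    def expand(symbol: str, depth: int) -> str:
        if symbol not in grammar:
            return symbol  # terminal: emitted as-is
        alts = grammar[symbol]
        if depth >= max_depth:  # budget spent: restrict to the cheapest alternatives
            cheapest = min(alt_cost(a) for a in alts)
            alts = [a for a in alts if alt_cost(a) == cheapest]
        return "".join(expand(s, depth + 1) for s in rng.choice(alts))

    return expand(start, 0)


def samples(grammar: Grammar, start: str, n: int, seed: int, max_depth: int = 8) -> List[str]:
    """n test cases from a single seeded generator, so a campaign is reproducible."""
    rng = random.Random(seed)
    return [generate(grammar, start, rng, max_depth) for _ in range(n)]


def well_formed(doc: str) -> bool:
    """Oracle for the toy grammar: generated markup must parse as XML."""
    try:
        ET.fromstring(doc)
        return True
    except ET.ParseError:
        return False


if __name__ == "__main__":
    for doc in samples(MARKUP, "document", 5, seed=1):
        print(well_formed(doc), doc)
```

The generator is the half of the loop the entry describes; in a real campaign each sample is handed to the parser under test (a browser engine, a templating library) and the oracle is a crash or sanitizer report rather than `well_formed`, which here only documents that the grammar produces valid input.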

zzuf – Multi-Purpose Application Input Fuzzing Tool

zzuf is a transparent application input fuzzing tool, or fuzzer. Its purpose is to find bugs in applications by corrupting their user-contributed data (which more often than not comes from untrusted sources on the Internet). It works by intercepting file and network operations and changing random bits in the program's input. zzuf's behaviour is deterministic, maki
Publish At:2015-06-09 23:25 | Read:3277 | Comments:0 | Tags:Hacking Tools Programming app fuzzing application fuzzing ap
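The zzuf entry above describes the transparent, deterministic style of fuzzing: the program's reads are intercepted and a fraction of the bits are flipped, reproducibly. The following is an added illustration of that idea in Python, not zzuf's code; zzuf hooks the real libc calls, while this toy wraps a Python file-like object. Its design assumptions: each bit is flipped with probability `ratio`, drawn from a generator keyed on the seed and the absolute byte position, so the corruption does not depend on how the consumer splits its reads (whether zzuf keys its corruption this way is not claimed here). `SAMPLE` and `parse_records` are a constructed input and toy consumer for the demonstration.

```python
import io
import random
from typing import BinaryIO, Callable, Iterable, List, Tuple

# Constructed sample input for the toy parser below: a 2-byte big-endian record
# count followed by three 4-byte records (not taken from the page).
SAMPLE = (3).to_bytes(2, "big") + b"\x00\x00\x00\x01" + b"\x00\x00\x00\x02" + b"\x00\x00\x00\x03"


def corrupt_chunk(chunk: bytes, offset: int, seed: int, ratio: float) -> Tuple[bytes, List[int]]:
    """Flip bits of `chunk`, which starts at absolute byte `offset` of the stream.

    Assumed design: a generator seeded from (seed, absolute position) decides
    each bit with probability `ratio`, so a byte is corrupted the same way no
    matter how the program chunks its reads.  Returns (corrupted bytes, absolute
    bit offsets flipped).
    """
    out = bytearray(chunk)
    flipped: List[int] = []
    for i, byte in enumerate(chunk):
        rng = random.Random(f"{seed}:{offset + i}")  # str seeds hash deterministically
        for bit in range(8):
            if rng.random() < ratio:
                byte ^= 1 << bit
                flipped.append((offset + i) * 8 + bit)
        out[i] = byte
    return bytes(out), flipped


def flip_bits(data: bytes, bits: Iterable[int]) -> bytes:
    """XOR the given absolute bit offsets; applying the same list twice restores data."""
    out = bytearray(data)
    for b in bits:
        out[b // 8] ^= 1 << (b % 8)
    return bytes(out)


class FuzzingReader:
    """Stand-in for the read() hook: wraps a binary stream and corrupts every
    chunk before the consumer sees it, remembering what it flipped."""

    def __init__(self, inner: BinaryIO, seed: int, ratio: float = 0.004) -> None:
        self._inner, self._seed, self._ratio = inner, seed, ratio
        self._offset = 0              # bytes handed out so far
        self.flipped: List[int] = []  # every bit flipped, for reproduction

    def read(self, size: int = -1) -> bytes:
        chunk = self._inner.read(size)
        out, bits = corrupt_chunk(chunk, self._offset, self._seed, self._ratio)
        self._offset += len(chunk)
        self.flipped.extend(bits)
        return out


def corrupt_bytes(data: bytes, seed: int, ratio: float, chunk: int = 4096) -> Tuple[bytes, List[int]]:
    """Pull `data` through a FuzzingReader in `chunk`-sized reads."""
    reader = FuzzingReader(io.BytesIO(data), seed, ratio)
    parts: List[bytes] = []
    while True:
        part = reader.read(chunk)
        if not part:
            break
        parts.append(part)
    return b"".join(parts), reader.flipped


def parse_records(stream) -> int:
    """Constructed toy consumer: 2-byte count, then `count` 4-byte records."""
    count = int.from_bytes(stream.read(2), "big")
    total = 0
    for _ in range(count):
        rec = stream.read(4)
        if len(rec) != 4:
            raise EOFError("truncated record")
        total += int.from_bytes(rec, "big")
    return total


def fuzz_parse(data: bytes, parser: Callable, seed: int, ratio: float = 0.004) -> Tuple[str, List[int]]:
    """Run `parser` over a corrupted view of `data`.

    Returns ("ok" or the exception class name, bits flipped); seed + ratio are
    all that is needed to replay a finding.
    """
    reader = FuzzingReader(io.BytesIO(data), seed, ratio)
    try:
        parser(reader)
        return "ok", reader.flipped
    except Exception as exc:  # any exception is a finding worth triaging
        return type(exc).__name__, reader.flipped


if __name__ == "__main__":
    for s in range(5):
        print(s, fuzz_parse(SAMPLE, parse_records, s, ratio=0.05))
```

A flipped count field makes `parse_records` walk past the end of its input, which is the class of bug this style of fuzzing finds in native parsers, where the outcome is an out-of-bounds read rather than a clean `EOFError`. The ratio matters: at zzuf's default 0.4% a 14-byte input usually survives untouched, so short formats need a higher ratio or longer inputs.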

Fuzzing with AFL-Fuzz, a Practical Example ( AFL vs binutils )

It's been a few weeks since I started playing with afl-fuzz (american fuzzy lop), a great tool from lcamtuf which uses binary instrumentation to create edge cases for a given piece of software. The description on the website is: American fuzzy lop is a security-oriented fuzzer that employs a novel type of compile-time instrumentation and genetic algorithms to automat
Publish At:2015-04-30 20:55 | Read:5621 | Comments:0 | Tags:exploit afl fuzzing lcamtuf fuzzer binary instrumentation gc
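Both AFL entries on this page (the tool description above and this practical example) rest on the same mechanism: instrumentation reports which edges an input exercised, and any input that reaches a new internal state is kept and mutated further. The following added example, which is not AFL's code, shows that loop in Python. Its assumptions: `target` is a constructed toy parser with a planted bug; `sys.settrace` stands in for compile-time instrumentation by recording line-to-line transitions inside the target; and the only mutation is a deterministic byte sweep (every byte of every queue entry set to every value) so the run is reproducible, whereas AFL also applies randomized "havoc" mutations. The `feedback=False` mode keeps the mutation but drops the feedback, which is what the coverage signal buys you.

```python
import sys
from dataclasses import dataclass, field
from typing import Callable, FrozenSet, List, Set, Tuple

Edge = Tuple[int, int]  # (previous line, current line) inside the target


def target(data: bytes) -> int:
    """Constructed toy parser (hypothetical target, not from the page).

    The magic check is split per byte on purpose: each matched byte opens a new
    edge, which is exactly the signal a coverage-guided fuzzer climbs.
    """
    if len(data) < 6:
        return 0
    if data[0] != 0x46:  # 'F'
        return 1
    if data[1] != 0x55:  # 'U'
        return 2
    if data[2] != 0x5A:  # 'Z'
        return 3
    if data[3] != 0x5A:  # 'Z'
        return 4
    kind, length = data[4], data[5]
    if kind == 0x01 and length > len(data) - 6:
        raise ValueError("declared length exceeds buffer")  # the planted bug
    return 5


def run_with_coverage(fn: Callable[[bytes], object], data: bytes) -> Tuple[FrozenSet[Edge], bool]:
    """Run fn(data) under sys.settrace; return (edges hit inside fn, crashed?).

    Stand-in for AFL's instrumentation: only transitions within the target's
    own frame are recorded, callees and the fuzzer itself are ignored.
    """
    code = fn.__code__
    edges: Set[Edge] = set()
    prev = 0

    def tracer(frame, event, arg):
        nonlocal prev
        if frame.f_code is not code:
            return None
        if event == "line":
            edges.add((prev, frame.f_lineno))
            prev = frame.f_lineno
        return tracer

    sys.settrace(tracer)
    try:
        fn(data)
        crashed = False
    except Exception:  # any uncaught exception counts as a crash
        crashed = True
    finally:
        sys.settrace(None)
    return frozenset(edges), crashed


@dataclass
class Campaign:
    queue: List[bytes] = field(default_factory=list)    # inputs that found new edges
    crashes: List[bytes] = field(default_factory=list)  # kept apart from the queue, as AFL does
    coverage: Set[Edge] = field(default_factory=set)
    execs: int = 0


def fuzz(fn: Callable[[bytes], object], seed: bytes, max_execs: int = 100_000,
         feedback: bool = True) -> Campaign:
    """Deterministic byte-sweep loop; stops at the first crash or when the budget is spent.

    feedback=False never grows the queue, so only the seed is mutated: that is
    blind mutation fuzzing, the baseline that coverage feedback improves on.
    """
    c = Campaign()

    def consider(data: bytes) -> None:
        c.execs += 1
        edges, crashed = run_with_coverage(fn, data)
        if crashed:
            c.crashes.append(data)
            return
        if edges - c.coverage and (feedback or not c.queue):  # the seed always enters
            c.coverage |= edges
            c.queue.append(data)

    consider(seed)
    i = 0
    while i < len(c.queue) and c.execs < max_execs and not c.crashes:
        base = c.queue[i]
        i += 1
        for pos in range(len(base)):
            for value in range(256):
                if value == base[pos]:
                    continue
                consider(base[:pos] + bytes([value]) + base[pos + 1:])
                if c.execs >= max_execs or c.crashes:
                    return c
    return c


if __name__ == "__main__":
    for mode in (True, False):
        run = fuzz(target, b"AAAAAAAA", feedback=mode)
        print(f"feedback={mode}: execs={run.execs} queue={len(run.queue)} crashes={run.crashes}")
```

With feedback the sweep finds the four magic bytes one at a time, each kept because it opened a new edge, and reaches the planted bug in under ten thousand executions; without it the seed alone is swept and the campaign ends after one pass with nothing found. The same asymmetry is why a single `memcmp` against a magic value defeats this strategy: the instrumentation then sees one edge for all four bytes, and AFL has to fall back on dictionaries or its havoc stage.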

ELF Parsing Bugs by Example with Melkor Fuzzer

By Alejandro Hernandez (@nitr0usmx). Extract from the white paper at http://www.ioactive.com/pdfs/IOActive_ELF_Parsing_with_Melkor.pdf. Too often the development community continues to blindly trust the metadata in Executable and Linking Format (ELF) files. In this paper, Alejandro Hernández walks you through the testing process for seven applications an
Publish At:2014-11-06 13:05 | Read:4517 | Comments:0 | Tags:Alejandro Hernandez crash ELF file format fuzzing GCC gdb Me

Creating Custom Peach Fuzzer Publishers

by Brad Antoniewicz. Peach is arguably the most established, freely available fuzzer out there. It has tons of built-in functionality to support a huge range of features. While you can data-model even the most complex protocols, you can only go so far with a PeachPit before you realize that you just need a custom publisher. In this blog post we'll show how t
Publish At:2014-08-12 02:11 | Read:4024 | Comments:0 | Tags:application security fuzzing Peach Fuzzer

HITB2014AMS – Day 1 – Harder, Better, Faster Fuzzer: Advances in BlackBox Evolutionary Fuzzing

Vulnerability Hunting. Active security testing, Fabien explains, is the process of generating inputs which travel through the application, hit a sink and violate a property. It applies to all kinds of vulnerabilities, not just buffer overflows or memory corruption bugs. Blackbox and whitebox/greybox testing (both
Publish At:2014-08-10 15:20 | Read:3855 | Comments:0 | Tags:Cons and Seminars black-box evolutionary algorithm Fabien Du
