JBroFuzz Frequently Asked Questions
JBroFuzz FAQ - Fuzzers & Payloads
Q: What is a Fuzzer?
The following list represents a number of axioms according to which JBroFuzz defines and uses fuzzing concepts.
- A fuzzer is a set of payloads
- The algorithm that defines how the payloads of a fuzzer get combined in sequential order defines the type of fuzzer
- A prototype is the base form description (a bit like a signature) from which a fuzzer can be created
Ergo, within JBroFuzz, prototype definitions are stored in a file called fuzzers.jbrf. Each prototype corresponds to a fuzzer and contains information such as the type of fuzzer, the number of payloads it has, etc.
Finally, a fuzzing database is a collection of fuzzers, as constructed by a set of prototypes. Welcome to the org.owasp.jbrofuzz.core library!
Q: Where are all the fuzzer definitions stored?
All fuzzer definitions are loaded from the file fuzzers.jbrf.
This is an internal file within JBroFuzz and can be found inside the JBroFuzz.jar Java archive.
In the win32 and msi releases of every version, the definitions are embedded inside the executable; pulling them from there is not recommended.
In the jar release, you can find all fuzzer definitions within the file 'fuzzers.jbrf' in the root directory of the compressed jar file. Rename JBroFuzz.jar to JBroFuzz.zip and access it as a normal zip archive to obtain and modify the file.
The file is also available online, as part of the subversion repository:
http://jbrofuzz.svn.sourceforge.net/viewvc/jbrofuzz/tar/fuzzers.jbrf
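The jar route described above can also be scripted. The following is an added example, not part of JBroFuzz or its documentation: it reads fuzzers.jbrf from the jar root without renaming the archive, and writes a modified copy of the jar while leaving the original untouched. The sample jar, its placeholder contents, the output file name and the function names are all constructed for illustration.

```python
import hashlib
import os
import tempfile
import zipfile

ENTRY = "fuzzers.jbrf"  # file name and jar-root location as given in the FAQ


def read_definitions(jar_path):
    """Return the raw bytes of fuzzers.jbrf from the root of the jar."""
    with zipfile.ZipFile(jar_path) as jar:
        return jar.read(ENTRY)  # raises KeyError if the entry is missing


def write_modified_jar(src_jar, dst_jar, new_definitions):
    """Write a copy of src_jar to dst_jar with fuzzers.jbrf replaced.

    Zip entries cannot be edited in place, so all other entries are copied
    unchanged and the original jar is never opened for writing.
    Returns the SHA-256 of the new definitions for change tracking.
    """
    if os.path.abspath(src_jar) == os.path.abspath(dst_jar):
        raise ValueError("refusing to overwrite the original jar")
    with zipfile.ZipFile(src_jar) as src:
        src.getinfo(ENTRY)  # fail early (KeyError) before creating dst_jar
        with zipfile.ZipFile(dst_jar, "w", zipfile.ZIP_DEFLATED) as dst:
            for info in src.infolist():
                data = new_definitions if info.filename == ENTRY else src.read(info)
                dst.writestr(info, data)
    return hashlib.sha256(new_definitions).hexdigest()


def build_sample_jar(path):
    """Constructed stand-in for JBroFuzz.jar; contents are placeholders."""
    with zipfile.ZipFile(path, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr(ENTRY, "PLACEHOLDER ORIGINAL DEFINITIONS\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        original = os.path.join(tmp, "JBroFuzz.jar")
        modified = os.path.join(tmp, "JBroFuzz-custom.jar")
        build_sample_jar(original)
        before = hashlib.sha256(read_definitions(original)).hexdigest()
        after = write_modified_jar(original, modified, b"PLACEHOLDER EDITED DEFINITIONS\n")
        print("original fuzzers.jbrf sha256:", before)
        print("modified fuzzers.jbrf sha256:", after)
```

Recording the hash of each fuzzers.jbrf you deploy makes it easy to tell a customised payload set from the shipped one; if a jar is signed, a modified copy will no longer pass signature verification.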
Q: How do I learn more about fuzzing?
An attempt to define the term can be found on the spike mailing list:
http://marc2.theaimsgroup.com/?l=spike&m=105606327823227&w=2
"Fuzzing is a methodology for finding flaws in a protocol by crafting
different types of packets for that protocol which contain data that
pushes the protocol's specifications to the point of breaking them, and
sending these packets to a system capable of receiving that protocol,
and finally monitoring the results."
The above definition focuses more on protocols and packets. Within the JBroFuzz documentation you will find:
"JBroFuzz has attempted to expose the intrinsic beauty of the subject: Constantly submit a vast amount of payloads to a service, device or prompt, waiting for the one response that makes all the difference. This is the mentality that JBroFuzz embraces and attempts to offer back to security professionals."
http://en.wikipedia.org/wiki/Fuzzing