[Owasp-JBroFuzz] JBroFuzz 2.4 release
ranulf at seleucus.net
Sun Sep 19 18:12:34 EDT 2010
we have made some interesting changes to the application for release 2.4:
Command line support
There is now command line support for loading a session or running a session
without the need to open a window. In addition, a help document is also
available using the -h option. The script to load JBroFuzz has been
updated to parse command line arguments.
Problems within the Zbase32 encoding have now been resolved. It is my
understanding that Zbase32 specification states that padding characters
(=) are not required hence these have been removed.
The Fuzzing tab interface design has changed to provide greater
functionality and clearer presentation. Changes have also been made to
Functionality to transform payloads with multiple encodings, prefix
and suffix or match and replace
has been added. Transforms can be ordered, added or removed as the user
And the following features:
- Added --no-execute option to command line support
- Added "Connection: close" preference option to be added to the
- Added HTTP proxy support & authentication for checking updates
- EncoderHashWindow improvements in keeping history within different
- Added a plain-text encoder, similar to Zero-Fuzzer for theoretical
- Fixed a bunch of supposed "security holes" reported by static analysers
- Small Oracle payloads update
We are looking to implement a database backend as the next significant
functional change following this the following are on the radar:
- full command line support for defining payloads and requests.
- implement changes to the payloads tab to define customised fuzzers
and provide a more easy to use interface.
- multi threading for fuzzing sessions.
More information about the owasp-jbrofuzz