[Owasp-JBroFuzz] JBroFuzz 2.4 release

Ranulf Green ranulf at seleucus.net
Sun Sep 19 18:12:34 EDT 2010

Hi Everybody,

we have made some interesting changes to the application for release 2.4:

Command line support

There is now command line support for loading a session or running a session
without the need to open a window. In addition, a help document is also
available using the -h option. The  script to load JBroFuzz has been
updated to parse command line arguments.


Problems within the Zbase32 encoding have now been resolved. It is my
understanding that Zbase32 specification states that padding characters
(=) are not required hence these have been removed.


The Fuzzing tab interface design has changed to provide greater
functionality and clearer presentation. Changes have also been made to
the en

Payload transforms

Functionality to transform payloads with multiple encodings, prefix
and suffix or match and replace
 has been added. Transforms can be ordered, added or removed as the user

And the following features:

- Added --no-execute option to command line support
- Added "Connection: close" preference option to be added to the
headers automatically
- Added HTTP proxy support & authentication for checking updates
- EncoderHashWindow improvements in keeping history within different
row selections
- Added a plain-text encoder, similar to Zero-Fuzzer for theoretical
- Fixed a bunch of supposed "security holes" reported by static analysers
- Small Oracle payloads update

We are looking to implement a database backend as the next significant
functional change following this the following are on the radar:

- full command line support for defining payloads and requests.
- implement changes to the payloads tab to define customised fuzzers
and provide a more easy to use interface.
- multi threading for fuzzing sessions.



More information about the owasp-jbrofuzz mailing list