[WEB SECURITY] WAF XSS Fuzzer?!
ryandewhurst at gmail.com
Sun Feb 6 15:15:28 EST 2011
Thanks all for the great replies and resources!
I will take my time to go through the responses and test the tools.
projects www.dvwa.co.uk | www.webwordcount.com
On Fri, Feb 4, 2011 at 11:10 AM, <melihtanfayed at engineer.com> wrote:
> I have seen this in turkish owasp mailing list. it is not smart but usefull
> for testing waf systems.
> waf tester - http://ttlexpired.com/blog/?p=234
> *From:* websecurity-bounces at lists.webappsec.org [mailto:
> websecurity-bounces at lists.webappsec.org] *On Behalf Of *Ryan Dewhurst
> *Sent:* Wednesday, February 02, 2011 1:37 PM
> *To:* websecurity at lists.webappsec.org
> *Subject:* [WEB SECURITY] WAF XSS Fuzzer?!
> Hi list,
> I was wondering if such a thing existed and if not, would such a thing be
> Or does WAF evasion always need some degree of intelligence to produce a
> viable payload?
> I must admit my WAF evasion knowledge is quite poor. I am awaiting The Web
> Application Obfuscation book as a starting point.
> Ryan Dewhurst
> blog www.ethicalhack3r.co.uk
> projects www.dvwa.co.uk | www.webwordcount.com
> twitter www.twitter.com/ethicalhack3r
> The Web Security Mailing List
> WebSecurity RSS Feed
> Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
> WASC on Twitter
> websecurity at lists.webappsec.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the websecurity