[WEB SECURITY] WAF XSS Fuzzer?!

Ryan Dewhurst ryandewhurst at gmail.com
Sun Feb 6 15:15:28 EST 2011


Thanks all for the great replies and resources!

I will take my time to go through the responses and test the tools.

Ryan Dewhurst

blog www.ethicalhack3r.co.uk
projects www.dvwa.co.uk | www.webwordcount.com
twitter www.twitter.com/ethicalhack3r


On Fri, Feb 4, 2011 at 11:10 AM, <melihtanfayed at engineer.com> wrote:

>
> I have seen this on the Turkish OWASP mailing list. It is not smart but useful
> for testing WAF systems.
>
> waf tester - http://ttlexpired.com/blog/?p=234
>
> Cheers
>
> From: websecurity-bounces at lists.webappsec.org [mailto:websecurity-bounces at lists.webappsec.org] On Behalf Of Ryan Dewhurst
> Sent: Wednesday, February 02, 2011 1:37 PM
> To: websecurity at lists.webappsec.org
> Subject: [WEB SECURITY] WAF XSS Fuzzer?!
>
> Hi list,
>
> I was wondering if such a thing existed and if not, would such a thing be
> possible?
>
> Or does WAF evasion always need some degree of intelligence to produce a
> viable payload?
>
> I must admit my WAF evasion knowledge is quite poor. I am awaiting The Web
> Application Obfuscation book as a starting point.
>
> Thanks,
> Ryan
>
> Ryan Dewhurst
>
> blog www.ethicalhack3r.co.uk
> projects www.dvwa.co.uk | www.webwordcount.com
> twitter www.twitter.com/ethicalhack3r
>