I have seen this on the Turkish OWASP mailing list. It is not smart but useful for testing WAF systems.
waf tester - http://ttlexpired.com/blog/?p=234
Cheers
From: websecurity-bounces@lists.webappsec.org [mailto:websecurity-bounces@lists.webappsec.org] On Behalf Of Ryan Dewhurst
Sent: Wednesday, February 02, 2011 1:37 PM
To: websecurity@lists.webappsec.org
Subject: [WEB SECURITY] WAF XSS Fuzzer?!
Hi list,
I was wondering if such a thing existed and if not, would such a thing be possible?
Or does WAF evasion always need some degree of intelligence to produce a viable payload?
I must admit my WAF evasion knowledge is quite poor. I am awaiting The Web Application Obfuscation book as a starting point.
Thanks,
Ryan
Ryan Dewhurst
blog www.ethicalhack3r.co.uk
projects www.dvwa.co.uk | www.webwordcount.com
twitter www.twitter.com/ethicalhack3r
Thanks all for the great replies and resources!
I will take my time to go through the responses and test the tools.
Ryan Dewhurst
blog www.ethicalhack3r.co.uk
projects www.dvwa.co.uk | www.webwordcount.com
twitter www.twitter.com/ethicalhack3r
On Fri, Feb 4, 2011 at 11:10 AM, melihtanfayed@engineer.com wrote:
I have seen this on the Turkish OWASP mailing list. It is not smart but useful
for testing WAF systems.
waf tester - http://ttlexpired.com/blog/?p=234
Cheers