websecurity@lists.webappsec.org

The Web Security Mailing List

Re: [WEB SECURITY] WAF XSS Fuzzer?!

melihtanfayed@engineer.com
Fri, Feb 4, 2011 11:10 AM

I have seen this in the Turkish OWASP mailing list. It is not smart but useful for testing WAF systems.

waf tester - http://ttlexpired.com/blog/?p=234

Cheers

From: websecurity-bounces@lists.webappsec.org [mailto:websecurity-bounces@lists.webappsec.org] On Behalf Of Ryan Dewhurst
Sent: Wednesday, February 02, 2011 1:37 PM
To: websecurity@lists.webappsec.org
Subject: [WEB SECURITY] WAF XSS Fuzzer?!

Hi list,

I was wondering if such a thing existed and if not, would such a thing be possible?

Or does WAF evasion always need some degree of intelligence to produce a viable payload?

I must admit my WAF evasion knowledge is quite poor. I am awaiting The Web Application Obfuscation book as a starting point.

Thanks,
Ryan

Ryan Dewhurst

blog www.ethicalhack3r.co.uk
projects www.dvwa.co.uk | www.webwordcount.com
twitter www.twitter.com/ethicalhack3r

Ryan Dewhurst
Sun, Feb 6, 2011 8:15 PM

Thanks all for the great replies and resources!

I will take my time to go through the responses and test the tools.

Ryan Dewhurst

blog www.ethicalhack3r.co.uk
projects www.dvwa.co.uk | www.webwordcount.com
twitter www.twitter.com/ethicalhack3r

On Fri, Feb 4, 2011 at 11:10 AM, melihtanfayed@engineer.com wrote:

I have seen this in the Turkish OWASP mailing list. It is not smart but useful
for testing WAF systems.

waf tester - http://ttlexpired.com/blog/?p=234

Cheers

From: websecurity-bounces@lists.webappsec.org [mailto:websecurity-bounces@lists.webappsec.org] On Behalf Of Ryan Dewhurst
Sent: Wednesday, February 02, 2011 1:37 PM
To: websecurity@lists.webappsec.org
Subject: [WEB SECURITY] WAF XSS Fuzzer?!

Hi list,

I was wondering if such a thing existed and if not, would such a thing be
possible?

Or does WAF evasion always need some degree of intelligence to produce a
viable payload?

I must admit my WAF evasion knowledge is quite poor. I am awaiting The Web
Application Obfuscation book as a starting point.

Thanks,
Ryan

Ryan Dewhurst

blog www.ethicalhack3r.co.uk
projects www.dvwa.co.uk | www.webwordcount.com
twitter www.twitter.com/ethicalhack3r


The Web Security Mailing List

WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss

Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA

WASC on Twitter
http://twitter.com/wascupdates

websecurity@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
