Well it seems that Firefox 2.0.0.14 has provided the most interesting results with my protocol fuzzer. Char: 56320, link: jav�ascript: Char: 56321, link: jav�ascript: Char: 56322, link: jav�ascript: Char: 56323, link: jav�ascript: Char: 56324, link: jav�ascript: Char: 56325, link: jav�ascript: ,, ,, ,, ,, All the way to:- char: 57343, link: jav�ascript: and hex entities […]
Archives for the Month of June, 2008
Javascript protocol fuzzer
Wednesday, 25 June 2008
Continuing the theme of fuzzers, I’ve wrote a Javascript protocol fuzzer. The goal was to try and produce every variation of javascript execution from links. It uses PHP and Javascript in order to maximize the speed of scanning, this means it can scan around 5000 links at a time. Any ideas on improving the options […]
XSS tag fuzzer
Wednesday, 18 June 2008
It’s been a while since I’ve blogged but I’m pretty busy at the moment with my new baby and also moving jobs as I was made redundant. I thought I’d combine my work with my blogging as I’m working on some XSS vectors for IE8. During the process I built a simple tag fuzzer which […]