Archives for the ‘fuzzing’ Category

Data enumeration tutorial in Shazzer

Over the last few days I’ve finally fixed a data enumeration bug that was haunting a new feature in Shazzer. Originally Shazzer just mutated one character at a time to discover characters which influenced the fuzz vectors in interesting ways. I decided to expand that to include data. I called the feature “datasets” because you […]

Introducing Shazzer: A shared online fuzzer

I lost inspiration for coding a while ago and had this idea I was sitting on for a while. I’m often stuck at the design stage before I write a line of code, and I will refuse to continue without a clear picture in my head of how an app is going to work. After […]

JavaScript protocol fuzz results

Well it seems that Firefox 2.0.0.14 has provided the most interesting results with my protocol fuzzer. Char: 56320, link: jav&#56320ascript: Char: 56321, link: jav&#56321ascript: Char: 56322, link: jav&#56322ascript: Char: 56323, link: jav&#56323ascript: Char: 56324, link: jav&#56324ascript: Char: 56325, link: jav&#56325ascript: All the way to:- Char: 57343, link: jav&#57343ascript: and hex entities […]

JavaScript protocol fuzzer

Continuing the theme of fuzzers, I’ve written a JavaScript protocol fuzzer. The goal was to try and produce every variation of JavaScript execution from links. It uses PHP and JavaScript in order to maximize the speed of scanning, which means it can scan around 5000 links at a time. Any ideas on improving the options […]

XSS tag fuzzer

It’s been a while since I’ve blogged but I’m pretty busy at the moment with my new baby and also moving jobs as I was made redundant. I thought I’d combine my work with my blogging as I’m working on some XSS vectors for IE8. During the process I built a simple tag fuzzer which […]

Hackvertor fuzzing tool

I’ve created a separate tool for HTML/JS fuzzing. I decided to do this because Hackvertor does all the hard work of conversion and I can simply extend the functionality without writing much code. The tool is already very powerful and lets you traverse Unicode characters and perform whatever conversions you require, in any position […]