fuzzing

问题 Are there frameworks that can perform fuzztesting on WebApplications? I know that Selenium and WebDriver are used to build tests for web-applications, but I am particulary interested in libraries, frameworks or projects that have fuzz-testing built-in, so I do not need to re-invent the wheel. For example, I could benefit from these features: randomized link clicking randomized form filling 'back' and 'forward' clicking random mouse movement and clicking javascript support Does anyone know of

问题 Are there frameworks that can perform fuzztesting on WebApplications? I know that Selenium and WebDriver are used to build tests for web-applications, but I am particulary interested in libraries, frameworks or projects that have fuzz-testing built-in, so I do not need to re-invent the wheel. For example, I could benefit from these features: randomized link clicking randomized form filling 'back' and 'forward' clicking random mouse movement and clicking javascript support Does anyone know of

问题 Are there frameworks that can perform fuzztesting on WebApplications? I know that Selenium and WebDriver are used to build tests for web-applications, but I am particulary interested in libraries, frameworks or projects that have fuzz-testing built-in, so I do not need to re-invent the wheel. For example, I could benefit from these features: randomized link clicking randomized form filling 'back' and 'forward' clicking random mouse movement and clicking javascript support Does anyone know of

问题 I have this warning (Last new path : none yet (odd, check syntax!)) in red after I try to fuzzing a file. I have no idea why it happens and I googled with no answers. My command is like: afl-fuzz -i testcases/ -o findings/ tcpdump-4.6.2/tcpdump -nr @@ 回答1: It usually means that your command line doesn't actually read the file. Try running it without afl-fuzz, substituting @@ with a path to a file from the testcases directory. Hopefully tcpdump's message will tell you what is wrong. In the

问题 Just one question : what is the size in bytes of the header of a .mp4 file ? The goal is to fuzz just this header. Thanks Karl 回答1: It depends. ISO media container format (.mp4) uses a strusture of elements called atoms . It depends on the number of tracks, the H.264 encoding properties, the muxers also like to put their names in the file in a free atom. Expect it to be at least 1 kByte. Anything over 4k is not very likely. If you encounter the string mdat (header of the movie data atom), the

问题 I'm new to Selenium, and also fuzz testing. I see that Selenium IDE only allows the fixed test cases. But then fuzz testing seems to be helpful. So what's behind a fuzz testing, what kind of tests does Selenium offer, is this a black box or white box testing. Any help would be appreciated. 回答1: For a short answer: Selenium is mostly about black-box testing, but you could do some whiter testing also with Selenium. Selenium RC gives you much more freedom to do fuzz testing than Selenium IDE.

问题 I am trying to run Sulley's (the fuzzer) "network_monitor.py" on an Ubuntu vm. Everytime I do, I get the following error. pcapy.PcapError: No valid interfaces to open I believe that this has little to do with the code I am running it in, because when I run python >>> import pcapy >>> devices = pcapy.findalldevs() I get the same error Any hints on what's going on would be amazing. Thanks so much in advance 回答1: Try to use it with sudo . Pcapy, AFAIK, needs special rights to access interfaces.

问题 I'm attempting to learn the intricacies of fuzzing unknown protocols to locate vulnerabilities in applications. I'm using a publicly known vulnerable app, Disk Savvy Enterprise 10.4.18, which has a known SEH Buffer Overflow in it. I currently have a boofuzz script that I'm trying to utilize the process_monitor.py script with, and am unable to restart the service that is crashing. I have process_monitor.py running on my target machine, and am connecting to it successfully from my fuzzing

问题 I need a random object generator in JavaScript that generates a variety of objects with different fields and values. Any ideas where I can find such tool? I need to generate random objects with various complexity.. My goal is to use JSON in order to serialize these objects and fuzz test my application http api. 回答1: function createRandomObj(fieldCount, allowNested) { var generatedObj = {}; for(var i = 0; i < fieldCount; i++) { var generatedObjField; switch(randomInt(allowNested ? 6 : 5)) {

问题 Closed. This question is off-topic. It is not currently accepting answers. Want to improve this question? Update the question so it's on-topic for Stack Overflow. Closed 4 years ago . Are there any fuzzer libraries out there for Java? I'd like to sprinkle fuzzing capabilities into existing Java web-based automated integration tests. I've done a lot of searching but I'm coming up empty for a library that supports HTTP/S. There are a lot of Python tools, but I'd like to stick with Java since