
#1 Payload in the wrong location

open-fixed
None
5
2010-05-26
2010-05-06
Anonymous
No

When you try to fuzz a certain parameter, the fuzz payload is misplaced.
Steps:
Create a request like this:
GET / HTTP/1.0
TestHeader:FuzzThisDigit-0

Highlight the 0 after "FuzzThisDigit-"
Click Add
Select a Base number payload.
Run the Fuzz.

Expected Results:
The number 0 is changed to the numbers in the payload.

Actual Results:
The dash character, right before the zero, is fuzzed instead.
See screenshot attached.

You can validate the results in the "On the Wire" window or by hooking up a packet capture.

Other Notes:
It appears that every time there is a line feed the location is off by one character... almost as if the location SELECTOR is not counting the Line Feeds, but the actual fuzzer is.

I did some testing and found that this used to work in version 1.3. But from version 1.4 and up, all the way to version 2.1, it is broken.

I tested this on Windows 2003 and Windows XP using Java 6 Update 20.
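
The off-by-one described under "Other Notes", reproduced as an added Python example (not JBroFuzz code and not part of the original report). It assumes, as the reporter suspects, that the selector's offset skips line feeds while the fuzzer indexes the raw request; the function names and the payload value "7" are constructed for illustration.

```python
# Constructed copy of the request from the report; "\n" stands in for each line break.
REQUEST = "GET / HTTP/1.0\nTestHeader:FuzzThisDigit-0\n\n"


def selector_offset(text, true_index):
    """Offset a selector would report if it did not count line feeds (assumed behaviour)."""
    return true_index - text.count("\n", 0, true_index)


def buffer_offset(text, sel_offset):
    """Map a line-feed-blind offset back to an index into the raw request buffer."""
    seen = 0
    for i, ch in enumerate(text):
        if ch == "\n":
            continue  # the selector never counted this character
        if seen == sel_offset:
            return i
        seen += 1
    raise ValueError("selection offset is past the end of the request")


def fuzz(text, start, length, payload):
    """Replace `length` characters at `start` with the payload, as the fuzzer would."""
    return text[:start] + payload + text[start + length:]


def demo(payload="7"):
    true_index = REQUEST.index("-0") + 1          # position of the highlighted 0
    sel = selector_offset(REQUEST, true_index)    # what the mismatched selector hands over
    broken = fuzz(REQUEST, sel, 1, payload)       # offset applied to the raw buffer as-is
    fixed = fuzz(REQUEST, buffer_offset(REQUEST, sel), 1, payload)
    return broken, fixed


if __name__ == "__main__":
    broken, fixed = demo()
    print("sent with mismatched offsets:", repr(broken))
    print("sent after translating offset:", repr(fixed))
```

The drift equals the number of line feeds before the selection, so a marker placed further down the request (for example in a body) lands proportionally further from the intended character, which is why comparing the marked range against the bytes actually sent is the reliable check.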

Discussion

  • Nobody/Anonymous

    Screen shot of misplaced payload.

     
  • yiannis

    yiannis - 2010-05-26
    • assigned_to: nobody --> nsportsman
     
  • yiannis

    yiannis - 2010-05-26

    This has now been addressed in the 2.2 release. Thank you for your post, please keep them coming!

     
  • yiannis

    yiannis - 2010-05-26
    • status: open --> open-fixed
     
