JBroFuzz

The OWASP JBroFuzz Project is a web application fuzzer for requests being made over HTTP and/or HTTPS. Its purpose is to provide a single, portable application that offers stable web protocol fuzzing capabilities.

Features

Commandline support - main class analyzing and executing the commandline options
Added --no-execute option to command line support
Added "Connection: close" preference option to be added to the headers automatically
Massive UI revamp for Fuzzing Tab: Contains 3 Sub-Tabs: Input, Output, On the wire
Introduction of Fuzzing Transforms for those double-URL, triple-Base64 encodings
Added HTTP proxy support & authentication for checking updates
EncoderHashWindow improvements in keeping history within different row selections
Fixed ZBase32 Encoding/Decoding to work as Phil wants it to
Prefix/Suffix in Fuzzer Transforms: http://www.owasp.org/index.php/OWASP_JBroFuzz_Tutorial#Added_Fuzzer_Transformations
Added a plain-text encoder, similar to Zero-Fuzzer for theoretical completeness
Fixed a bunch of supposed "security holes" reported by static analyzers
Small Oracle payloads update

Project Samples

Sending single requests to a list of different web servers

A pie chart of the status codes obtained while fuzzing

Project Activity

See All Activity >

License

GNU General Public License version 2.0 (GPLv2)

Follow JBroFuzz

JBroFuzz Web Site

nel_h2

AI-powered service management for IT and enterprise teams

Enterprise-grade ITSM, for every business

Give your IT, operations, and business teams the ability to deliver exceptional services—without the complexity. Maximize operational efficiency with refreshingly simple, AI-powered Freshservice.

Try it Free

Rate This Project

User Ratings

5.0 out of 5 stars

★★★★★

★★★★

★★★

★★

★

ease 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 0 / 5

features 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 0 / 5

design 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 0 / 5

support 1 of 5 2 of 5 3 of 5 4 of 5 5 of 5 0 / 5

User Reviews

Filter Reviews:

All

yns000 Posted 2009-12-23

The best way of communicating a web vulnerability with .jbrofuzz files

Additional Project Details

Operating Systems

BSD, Linux, Windows

Intended Audience

Advanced End Users, Information Technology, System Administrators

User Interface

Java Swing

Programming Language

Java

Related Categories

Java Security Software

Registered

2006-10-25

Similar Business Software

SparkView

Fast, secure and reliable remote access to desktops, applications and servers. SparkView offers a simple and secure way to connect untrusted devices to your desktops and applications. The ZTNA solution with no installation on the client provides secure remote access from any device with a...

See Software
Thinfinity Workspace

Thinfinity® Workspace 7 is a comprehensive, secure platform that offers a zero-trust approach, enabling secure and contextual access to corporate virtual desktops, virtual applications, internal web apps, SaaS, and files, whether they are on Windows, Linux, or mainframes. It supports various...

See Software
KrakenD

KrakenD is a high-performance API Gateway optimized for resource efficiency, capable of managing 70,000 requests per second on a single instance. The stateless architecture allows for straightforward, linear scalability, eliminating the need for complex coordination or database...

See Software
Seeker

Seeker® is an interactive application security testing (IAST) solution that provides unparalleled visibility into your web application's security posture. It identifies vulnerability trends against compliance standards such as OWASP Top 10, PCI DSS, GDPR, CAPEC, and CWE/SANS Top 25. Seeker...

See Software
OWASP ZAP

OWASP ZAP (Zed Attack Proxy) is a free, open-source penetration testing tool being maintained under the umbrella of the Open Web Application Security Project (OWASP). ZAP is designed specifically for testing web applications and is both flexible and extensible. At its core, ZAP is what is known...

See Software
Barracuda Application Protection

Barracuda Application Protection is an integrated platform that provides comprehensive security for web applications and APIs across on-premises, cloud, or hybrid environments. It combines full Web Application and API Protection (WAAP) functionality with advanced security services to defend...

See Software