Automated fuzzing

Fuzzing is the smash and grab of the hacking community. It focuses around sending a large amount of invalid content to a page and recording the results. It is the reprobates version of SQL Injection and arguably the base form of penetration testing (though you LOIC users out there are probably the base form of life form).

We will create a script that will take values from the FuzzDB meta-characters file and send them to every parameter available and record all the results. This is most definitely a brute-force attempt to identify vulnerabilities and requires a sensible human being to go through the results.

Getting ready

For this, you will require the FuzzDB from Mozilla. At the time of printing, this is available from https://code.google.com/p/fuzzdb/ ...

Get Python Web Penetration Testing Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Python Web Penetration Testing Cookbook by Cameron Buchanan, Terry Ip, Andrew Mabbitt, Benjamin May, Dave Mound

Automated fuzzing

Getting ready

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly