uy0iyw
Last Updated: February 25, 2016
·
1.654K
· santex
Datax

Brute Force Vulnerability Discovery

do you self a favor start fuzzing

(couch, ws, ajax etc)

pipe querys from your log out to tools like

wget or ab later cook up a automated in release interval

ab -c 30 -n 100000 -k http://127.0.0.1:3000/
for i in cat payload.*; do ab -c 30 -n 100000 -k http://127.0.0.1:80/ajax?q=$q; done

Say Thanks
Respond

2 Responses
Add your response

1115
Richhealeyavatar

cat payload.* | while read i; do ...; done is a much better construct as it doens't materialize the whole set in memory

over 1 year ago ·
1118
Datax

my point was the fuzzing which normally runs automatically.
so to start might get hands on.
there is real need to fuzz to learn how to, regardless how you invoke it
end of the learning process should be a automatic with exotic payload.
but guess for most even have trouble repeating known requests.

http://en.wikipedia.org/wiki/Fuzz_testing

over 1 year ago ·