Gfuzz is a web application fuzzing environment which combines fine-grained taint analysis on the server-side (using CORE Grasp) with grammar-based analysis. This allows to perform fuzzing tests and accurately detect attacks feeding the grammar analyzer with the executed SQL queries (on the server side) together with security taint marks for each query.
On the GUI the tester has for each executed SQL query (on the server side):
- The text of the executed query, with controlled characters highlighted.
- Fuzz vector which triggered the query:
- Attack string submitted.
- Input point (form input / get parameter) where attack string was submitted.
- File and line inside the file (remote) where the SQL query was executed.
- CORE GRASP analysis of the security level of the query.
- Grammar-based analysis of the security level of the query.
This prototype aids the security tester in the task of determining which alerts raised by the fuzzer are real attacks and for the queries which do not comprise an attack, it allows the tester to reformulate the attack vectors in order to exploit SQL-injection vulnerabilities.