Gfuzz is a web application fuzzing environment which combines fine-grained taint analysis on the server-side (using CORE Grasp) with grammar-based analysis. This allows to perform fuzzing tests and accurately detect attacks feeding the grammar analyzer with the executed SQL queries (on the server side) together with security taint marks for each query.
On the GUI the tester has for each executed SQL query (on the server side):
- The text of the executed query, with controlled characters hightlighted.
- Fuzz vector which triggered the query:
- Attack string submitted.
- Input point (form input / get parameter) where attack string was submitted.
- File and line inside the file (remote) where the SQL query was executed.
- CORE GRASP analysis of the security level of the query.
- Grammar-based analysis of the security level of the query.
This prototype aids the security tester in the task of determining which alerts raised by the fuzzer are real attacks and for the queries which do not comprise an attack, it allows the tester to reformulate the attack vectors in order to exploit SQL-injection vulnerabilities.
- A gfuzz-modified Core Grasp patch (CORE_GRASP_GFUZZ.patch). Included in with the package.
- A fresh PHP 5.2.3 tree (http://museum.php.net/php5/php-5.2.3.tar.gz)
- Python (http://www.python.org)
- Beautiful Soup (http://www.crummy.com/software/BeautifulSoup). Included in with the package.
- Pyparsing (http://pyparsing.wikispaces.com)
- WxPython (http://wxpython.org)
- gFuzz package files
gfuzz (0.1), tar.gz file. MD5:19fd07482a3b00d65fd65e98567ee51f
- gFuzz is distributed under openBSD license.
- CORE GRASP and its modified gFuzz version (bundled with this package) are distributed under Apache 2.0 license.
Whether you want to report a bug, collaborate or give some suggestions on this package, drop us a few lines at oss@. To contact me, Ezequiel Gutesman, the author, you can reach me at gutes@. I'm planning a complete rewrite of the tool soon.
- Release date: November 2008
- License type: OpenBSD and Apache2