> Is there a better tutorial on how to use the WebScarab
Fuzzer
> than this:
[...]
> I'm on a project where this feature will be of great
use to me.
Jason, while WebScarab is a fine tool, in particular
regarding
the fuzzer I found its competitor Burp to be both easier to
use
and more powerful: http://portswigger.n
et/intruder/
Note that Burp is not open source, and the full version of
Burp
Intruder must be purchased at a moderate price, but the
fuzzing
mechanism (in contrast to the lists of attack strings you
might
want to try on an application) is contained in the free demo
version.
I'm sure that WebScarab will catch up, though -
Holger.
--
Dr. Holger Peine, Security and Safety
Fraunhofer IESE, Fraunhofer-Platz 1, 67663 Kaiserslautern,
Germany
Phone +49-631-6800-2134, Fax -1299 (shared)
PGP key via http://pgp.mit.edu ;
fingerprint is 1BFA 30CB E3ED BA99 E7AE
2BBB C126 A592 48EA F9F8
------------------------------------------------------------
-------------
Sponsored by: Watchfire
Watchfire's AppScan is the industry's first and leading
web application
security testing suite, and the only solution to provide
comprehensive
remediation tasks at every level of the application. Change
the way you
think about application security testing - See for yourself.
Download a Free Trial of AppScan 6.0 today!
https://www.watchfire.com/securearea/apps
cansix.aspx?id=701300000007kaF
------------------------------------------------------------
--------------
|