Paramminer "fuzz" module #860
liquidsec started this conversation in Module Requests
Replies: 0 comments
In addition to the existing findings, we can emit new event types like "getparam", "header", etc. These could be picked up by a new paramminer module, which could conduct some basic fuzzing against the parameters. Things like simple XSS testing, heuristic-based SQLi testing, etc. This would be much less in scale than a Burp scanner, and not be focused on definitively finding vulnerabilities but rather report behavior that is likely to be a vulnerability.
Example: a getparameter is found with the paramminer module. It gets passed to the paramminer fuzz module, which figures out the text is being reflected into an HTML attribute, and then sends a double quote to see if escaping the string is possible. This would not, for example, go all the way to finding a fully working XSS payload. It would point to the most likely cases at which you'd likely just bring a fully-developed tool in.
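As an added example (not code from bbot, the paramminer module, or the post's author), here is the two-step heuristic the example above sketches, written in Python and run against constructed HTML responses rather than live requests: step 1 classifies where a plain canary is reflected, step 2 checks whether the canary followed by a double quote comes back unescaped, and the two observations are combined into the kind of low-confidence "likely case" finding the post describes. The canary value, the function names and the verdict strings are assumptions.

```python
from html.parser import HTMLParser

CANARY = "zq7kq3x"  # constructed alphanumeric marker; unlikely to occur naturally

class _ContextFinder(HTMLParser):
    """Records where the canary lands: an attribute value, a <script> body or a text node."""

    def __init__(self, canary):
        super().__init__()
        self.canary, self.contexts, self._in_script = canary, [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
        for name, value in attrs:  # HTMLParser hands us decoded attribute values
            if value and self.canary in value:
                self.contexts.append(f"attribute:{name}")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):  # text nodes and raw <script>/<style> content
        if self.canary in data:
            self.contexts.append("script" if self._in_script else "text")

def reflection_contexts(body, canary=CANARY):
    """Step 1: classify where a plain canary is reflected in an HTML response body."""
    finder = _ContextFinder(canary)
    finder.feed(body)
    finder.close()
    return finder.contexts

def quote_survives(body, canary=CANARY):
    """Step 2: did canary+'"' come back verbatim? Searches the raw body so that an
    entity-encoded quote (&quot; / &#34;) correctly counts as escaped."""
    return (canary + '"') in body

def assess(context_body, probe_body, canary=CANARY):
    """Combine both observations into the low-confidence finding the post describes."""
    contexts = reflection_contexts(context_body, canary)
    if not contexts:
        return None  # parameter is not reflected at all; nothing to report
    unescaped = quote_survives(probe_body, canary)
    in_attribute = any(c.startswith("attribute:") for c in contexts)
    if in_attribute and unescaped:
        verdict = "POSSIBLE: reflected inside an attribute and the double quote is not escaped"
    elif unescaped:
        verdict = "INFO: double quote reflected unescaped outside an attribute"
    else:
        verdict = "INFO: reflected, but the double quote is escaped"
    return {"contexts": contexts, "quote_unescaped": unescaped, "verdict": verdict}
```

`context_body` is the response to the plain canary and `probe_body` the response to the canary plus a double quote; a real module would obtain both from two requests with the discovered parameter set accordingly.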