Mehmet KILIC edited this page Jun 13, 2013 · 8 revisions

Mobile Application Fuzzer via SSL MITM (mbfuzzer)

MBFuzzer will be developed for MITM (Man in the Middle) Fuzzing. Mobile applications use HTTP, SOAP, XML and JSON based data streams to communicate with servers. Many mobile applications use SSL Connect m$

Features

  • HTTP/HTTP Proxy Support
  • HTTPS Connect Conversion Support (not fully functional)
  • On-The-Fly Valid SSL certificate generation for target server (Under Development)
  • Real-Time Response/Request Fuzzing Support
  • Fake Service Installation via XML/JSON Templates (Under Development)
  • Supports Different Injection Payloads using Templates

Inspired Projects

Installation

  • Please make sure that your system has the necessary packages installed before installation.
  • To install Ruby, the development platform, on Ubuntu: sudo apt-get install ruby1.9.3
  • git clone git@github.com:YakindanEgitim/mbfuzzer.git

Usage

  • MBFuzzer requires a proxy address and port number at startup.

  • By default, it runs on address 127.0.0.1 and port 8080.

  • Command to run, under the test file of the MBFuzzer project:

    ruby mbfuzzer.rb [address] [port]

Fuzzing Templates

Search & Replace

The purpose of the search & replace structure is to find the target element by name and change the value of that element, according to the url. The url field can be any key in the URL instead of the whole address.

<searchreplace>
    <url> [target url address] </url>
    <target> [element name ] </target>
    <newdata> [replaced data] </newdata>
</searchreplace>

Big Data Entry

The Big Data Entry structure applies big data, such as A*10000, to an element selected by name, using the data and count tags, in order to give vulnerability information. The url field works the same way as in the search and replace structure.

<bigdata>
    <url> [target url address] </url>
    <name> [element name] </name>
    <data> [repeated data] </data>
    <count> [number of repetitions] </count>
</bigdata>
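
The following Ruby sketch is an added example, not code from the MBFuzzer project: it parses a template containing both structures above and applies the rules to a constructed XML request body. The `<templates>` wrapper element, the substring match on the url key, the XML body format and the names `load_rules` and `mutate` are assumptions made for illustration.

```ruby
require 'rexml/document'

# Constructed template: the two documented structures inside a hypothetical
# <templates> root so the file parses as a single XML document.
TEMPLATE = <<XML
<templates>
  <searchreplace>
    <url> /login </url>
    <target> locale </target>
    <newdata> zz-ZZ </newdata>
  </searchreplace>
  <bigdata>
    <url> /login </url>
    <name> username </name>
    <data> A </data>
    <count> 10000 </count>
  </bigdata>
</templates>
XML

# Constructed XML request body (sample data, not captured traffic).
SAMPLE_BODY = '<login><username>alice</username><locale>en-US</locale></login>'

# Turn each rule into [kind, fields]; values are stripped because the
# documented layout pads them with spaces.
def load_rules(xml)
  REXML::Document.new(xml).root.elements.to_a.map do |rule|
    fields = {}
    rule.elements.each { |e| fields[e.name] = e.text.to_s.strip }
    [rule.name, fields]
  end
end

# Apply every rule whose <url> key occurs in the request URL (assumed
# substring match) to the named elements of an XML body.
def mutate(rules, url, body)
  doc = REXML::Document.new(body)
  rules.each do |kind, f|
    next unless %w[searchreplace bigdata].include?(kind)
    key = f['url'].to_s
    next if key.empty? || !url.include?(key)
    big   = kind == 'bigdata'
    name  = big ? f['name'] : f['target']
    value = big ? f['data'] * Integer(f['count']) : f['newdata']
    doc.elements.each("//#{name}") { |el| el.text = value }
  end
  doc.to_s
end
```
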