usagehints
Burp Intruder
- Security Ninja tutorial for Burp Intruder - http://www.securityninja.co.uk/burp-suite-tutorial-intruder-tool-version-2
- Security Ninja Burp Suite Repeater and Comparer tutorial - http://www.securityninja.co.uk/burp-suite-tutorial-repeater-and-comparer-tools
- How to use fuzzdb's regex/errors.txt in Burp Suite Intruder to find more bugs - http://code.google.com/p/fuzzdb/wiki/regexerrors
- Burp Intruder docs - http://portswigger.net/intruder/help.html
- Burp Suite with Google Android Emulator - http://cktricky.blogspot.com/2010/04/android-emulator-burpsuite.html
Web Scarab
- Script that writes the page to the filesystem - http://pentesterconfessions.blogspot.com/2007/12/webscarab-scripting-and-fuzzing.html
- WebScarab Fuzzer docs - http://dawes.za.net/rogan/webscarab/docs/fuzzer.html
File and Directory Discovery
- Interesting new way to identify directories that exist http://soroush.secproject.com/blog/2010/05/new-method-role-of-the-%E2%80%9C%E2%80%9D-character-in-mapping-the-website-directories/
Other software useful with fuzzdb on their own wiki page
I also maintain a collection of Firefox plugins useful to web app security testers. You can subscribe to the list using the Add-On Collector plugin to make setting up a new browser for testing easy - https://addons.mozilla.org/en-US/firefox/collection/webappsec