
Web Fuzz Testing under Backtrack5

2025-04-05 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

What is web fuzz testing

Originally designed to browse web pages and parse HTML, web browsers have developed into the software equivalent of a Swiss Army knife. Modern web browsers can handle dynamic HTML pages, typed forms, multiple scripting languages, Java applets, RSS feeds for sharing content online, and FTP connections. Many extensions and plug-ins can be installed to turn the web browser into an even more flexible application. This flexibility allows companies like Google to move some general-purpose desktop applications to the web. Unfortunately for end users, the attack surface has grown along with the functionality. There is no doubt that as more and more features are added to web browsers, more and more vulnerabilities will be discovered.

Web browser fuzz testing

"One denominator I often find is that expectations are greater than expectations."

-- George W. Bush, Los Angeles, September 27th, 2000

Client-side vulnerabilities quickly became the focus of attention because they were widely used for phishing, identity theft, and building large networks of Internet-connected computers infected and controlled by malicious code (botnets). Vulnerabilities in web browsers provide a rich target environment for such attacks, as a vulnerability in a mainstream browser could affect millions of people. Client-side attacks usually require some form of social engineering, because the attacker must first get a potential victim to visit a malicious web page. This is usually done through spam or by exploiting an additional vulnerability in a mainstream website. Coupled with the fact that individual Internet users usually have little knowledge of computer security, it is not surprising that many people have shifted their focus to client-side vulnerabilities.

In many ways, browser bugs became the most eye-catching class of vulnerability in 2006. The vulnerabilities found affected all major web browsers, including Microsoft Internet Explorer and Mozilla Firefox. Flaws were found in the parsing of malformed HTML tags, JavaScript, image files such as JPG, GIF and PNG, CSS, and ActiveX controls. Many serious ActiveX vulnerabilities were discovered that affect both the default installation of Microsoft's Windows operating system and third-party applications. In addition, hundreds of minor ActiveX vulnerabilities were discovered. Although security researchers had shown some interest in ActiveX and COM audits in the past, this interest reached its highest level in 2006. An important factor behind the large number of vulnerabilities found in ActiveX controls was the general availability of new, user-friendly ActiveX control auditing tools. In this chapter, we will discuss how to use fuzz testing to discover web browser vulnerabilities. If history is any guide, a large number of browser bugs remain to be found.

Backtrack5 is a common tool for vulnerability assessment, security auditing, and penetration testing. It integrates a large number of vulnerability scanning tools, many of them well known. Today, our task is to learn the common and easy-to-use web fuzz testing tools:

1. DirBuster

DirBuster is a tool for brute-forcing paths and web pages. It can discover page paths that we have never visited, as well as administrator back-end pages.

We can see the information generated by the scanning process.

Opening the tree view shows the scanned paths laid out as a tree.

The scan produces too much information to read comfortably, so we can export it to a separate file for review.

You can also open the exported scan results in the vi editor.

The tool takes a long time to scan and its coverage depends on the dictionary, but the scan results are good!
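Seen from the web server, a dictionary-driven scan like the one described above shows up in the access log as one client requesting many distinct paths, most of which return 404. The following is an added example, not part of the original article: it assumes Apache/nginx common log format, and the function name, thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Common log format: ip - - [time] "METHOD path PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def find_path_enumeration(lines, min_distinct=5, min_miss_ratio=0.8):
    """Flag clients whose requests look like dictionary path guessing:
    many distinct paths, most of them answered with 404."""
    paths = defaultdict(set)   # ip -> distinct paths requested
    misses = defaultdict(set)  # ip -> distinct paths answered 404
    hits = defaultdict(set)    # ip -> guessed paths that do exist
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected format
        ip, _method, path, status = m.groups()
        path = path.split("?", 1)[0]  # ignore the query string
        paths[ip].add(path)
        if status == "404":
            misses[ip].add(path)
        elif status in {"200", "301", "302", "401", "403"}:
            hits[ip].add(path)
    flagged = {}
    for ip, seen in paths.items():
        ratio = len(misses[ip]) / len(seen)
        if len(seen) >= min_distinct and ratio >= min_miss_ratio:
            # "found" lists what the scan located: review these for exposure
            flagged[ip] = {"distinct_paths": len(seen),
                           "miss_ratio": round(ratio, 2),
                           "found": sorted(hits[ip])}
    return flagged

# Constructed sample data (documentation IP ranges, invented paths).
_GUESSES = [("/admin/", 403), ("/backup/", 404), ("/old/", 404),
            ("/test/", 404), ("/phpinfo.php", 404), ("/manager/", 404),
            ("/login.php", 200), ("/config.bak", 404), ("/temp/", 404),
            ("/db/", 404)]
SAMPLE_LOG = [
    '198.51.100.20 - - [05/Apr/2025:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '198.51.100.20 - - [05/Apr/2025:10:00:02 +0000] "GET /favicon.ico HTTP/1.1" 404 209',
] + [
    f'203.0.113.7 - - [05/Apr/2025:10:01:{i:02d} +0000] "GET {p} HTTP/1.1" {s} 0'
    for i, (p, s) in enumerate(_GUESSES)
]

if __name__ == "__main__":
    for ip, info in find_path_enumeration(SAMPLE_LOG).items():
        print(ip, info)
```

The "found" list is the part to act on: these are the guessed paths that the server confirmed exist, so they are the ones to remove, rename or put behind authentication.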

2. Powerfuzzer

Powerfuzzer is an automated web fuzzing tool that tests the security of a website by sending a large number of requests. It has a graphical interface.

Powerfuzzer is a site security testing tool that is easy to operate. You only need to enter the domain name of the target in the URL field. If you want to go through a proxy, you can use the tool's proxy function.

Progress information generated during the scan

Look at the results in the scan report

The tool is very simple to use: a few simple steps are enough to scan the security of a website.

By fuzz testing a site we can protect its security to a great extent. Fuzz testing a site is essential knowledge for every website administrator!
