Tuesday, 30 June 2009 21:23 |
Well it has certainly been a while since Fuzzware was last updated but it is finally done and ready for action! The main introduction in this release is support for fuzzing Web Services and ActiveX controls. This is a slight departure for Fuzzware as a data format fuzzer, as I wanted to see whether or not the idea of using XML Schema as a data format description language could be extended to using it to describe an interface. It soon became apparent the answer was yes, but I would have to come up with my own format for describing the interface. However I didn't believe this was in the spirit of Fuzzware as I have always tried to minimise the amount Fuzzware specific language that needed to be known. The solution was to use WSDL files; they are a standard and use XML Schema to describe all their data type and structure information and although they were designed for Web Services they seem like they can be used for describing other interfaces as well (for example ActiveX controls, I literally create a WSDL describing the interface of the control). This release also introduces a brand new user interface. The user interface for version 1.4 was fairly horrible, not only in appearance but also in usability. The new user interface is much cleaner, simpler and more intuitive to use, but of course there are probably many improvements I could make. The new UI also introduces the concept of Projects, you just need to specify a directory and all the hassle of the configuration files can be avoided. Saying that, nothing has really changed in the backend, you can still run Schemer.exe passing in the configuration file and everything will still just work. This version also introduces an installer. On XP it didn't really matter if all the examples were stored in whatever directory Fuzzware was installed, but on Vista and higher this was proving a nuisance, so the solution was to have an installer that could copy the examples to a 'Fuzzware Projects' directory in your user profile, which can also be used to store your own Projects. Aside from that, there are numerous bug fixes, more examples, and this new website to give people the information they need to use Fuzzware the way it is supposed to be used; to find bugs and make software better. |
|
Monday, 29 June 2009 22:37 |
This is the brand new website for Fuzzware, a fuzzing framework to help you with your software testing and security assessment needs. Fuzzware can do a lot so there are a lot of pages here giving tutorials and reference information to help you get up and fuzzng in no time at all. |
|
|
|