{"id":92,"date":"2008-09-24T13:31:51","date_gmt":"2008-09-24T18:31:51","guid":{"rendered":"http:\/\/www.webadminblog.com\/?p=92"},"modified":"2008-09-24T13:31:51","modified_gmt":"2008-09-24T18:31:51","slug":"jbrofuzz-building-a-java-fuzzer-for-the-web-owasp-appsec-nyc-2008","status":"publish","type":"post","link":"https:\/\/www.webadminblog.com\/index.php\/2008\/09\/24\/jbrofuzz-building-a-java-fuzzer-for-the-web-owasp-appsec-nyc-2008\/","title":{"rendered":"JBroFuzz: Building a Java Fuzzer for the Web &#8211; OWASP AppSec NYC 2008"},"content":{"rendered":"<p>This presentation was by <a class=\"external text\" title=\"http:\/\/www.owasp.org\/index.php\/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Yiannis_Pavlosoglou\" rel=\"nofollow\" href=\"http:\/\/www.owasp.org\/index.php\/OWASP_NYC_AppSec_2008_Conference-SPEAKER-Yiannis_Pavlosoglou\">Yiannis Pavlosoglou<\/a> who is the developer on the OWASP fuzzing project.<\/p>\n<p>Address the challenges of fuzzing, during applicaton layer penetration tests and security assessments.\u00a0 Designed for fuzzing web applications.\u00a0 Open-source and free.\u00a0 Written in Java.\u00a0 Scriptable.<\/p>\n<p><span style=\"text-decoration: underline;\"><strong>Fuzzer Workflow<\/strong><\/span><\/p>\n<ul>\n<li>Select fuzzers<\/li>\n<li>Send requests<\/li>\n<li>Collect responses<\/li>\n<li>Compare results<\/li>\n<\/ul>\n<p>Building a fuzzer entails a stable, ease to use interface, a solid fuzzing engine, and unconventional protocol APIs.<\/p>\n<p><span style=\"text-decoration: underline;\"><strong>Likely Problems:<\/strong><\/span><\/p>\n<ul>\n<li>How do you group payloads?<\/li>\n<li>How do you customize\/iterate through permutations?<\/li>\n<li>Cannot use Apache HTTP Commons<\/li>\n<li>Cannot use Java HTTP\/S Libraries<\/li>\n<\/ul>\n<p><span style=\"text-decoration: underline;\"><strong>Addressing Problems:<\/strong><\/span><\/p>\n<ul>\n<li>Graphical User Interface<\/li>\n<li>Write requests\/responses to a file<\/li>\n<li>Payloads read from file<\/li>\n<li>Payloads grouped into fuzzers<\/li>\n<li>Fuzzers grouped into categories<\/li>\n<li>Use TCP Sockets for fuzzing<\/li>\n<li>Implement POST &#8220;Content-Length&#8221;<\/li>\n<li>Support SSL sockets for fuzzing<\/li>\n<li>Support HTTP\/1.1 chunked encoding<\/li>\n<\/ul>\n<p>47 classes spread into 13 packages.\u00a0 13,123 lines of java code.\u00a0 Do one thing and do it well!\u00a0 Tell the user what you are putting on the wire.\u00a0 Don&#8217;t obey HTTP\/S.\u00a0 Trust the JBroFuzz Core to generate payloads.<\/p>\n<p><span style=\"text-decoration: underline;\"><strong>Roadmap<\/strong><\/span><\/p>\n<ul>\n<li>MSI Installer<\/li>\n<li>Basic NTLM Authentication<\/li>\n<li>Proxy Requests<\/li>\n<li>Graphing Tab<\/li>\n<\/ul>\n<p>E-mail yiannis@owasp.org with questions.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This presentation was by Yiannis Pavlosoglou who is the developer on the OWASP fuzzing project. Address the challenges of fuzzing, during applicaton layer penetration tests and security assessments.\u00a0 Designed for fuzzing web applications.\u00a0 Open-source and free.\u00a0 Written in Java.\u00a0 Scriptable. Fuzzer Workflow Select fuzzers Send requests Collect responses Compare results Building a fuzzer entails a [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[127],"tags":[76,128,144,145,12,622],"class_list":["post-92","post","type-post","status-publish","format-standard","hentry","category-owasp-appsec-nyc-2008","tag-application","tag-appsec","tag-fuzzer","tag-jbrofuzz","tag-owasp","tag-security"],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO 4.9.10 - aioseo.com -->\n\t<meta name=\"description\" content=\"This presentation was by Yiannis Pavlosoglou who is the developer on the OWASP fuzzing project. Address the challenges of fuzzing, during applicaton layer penetration tests and security assessments. Designed for fuzzing web applications. Open-source and free. Written in Java. Scriptable. Fuzzer Workflow Select fuzzers Send requests Collect responses Compare results Building a fuzzer entails a\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<meta name=\"author\" content=\"Josh\"\/>\n\t<link rel=\"canonical\" href=\"https:\/\/www.webadminblog.com\/index.php\/2008\/09\/24\/jbrofuzz-building-a-java-fuzzer-for-the-web-owasp-appsec-nyc-2008\/\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO (AIOSEO) 4.9.10\" \/>\n\t\t<meta property=\"og:locale\" content=\"en_US\" \/>\n\t\t<meta property=\"og:site_name\" content=\"Web Admin Blog | Real Web Admins.  Real World Experience.\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"JBroFuzz: Building a Java Fuzzer for the Web \u2013 OWASP AppSec NYC 2008 | Web Admin Blog\" \/>\n\t\t<meta property=\"og:description\" content=\"This presentation was by Yiannis Pavlosoglou who is the developer on the OWASP fuzzing project. Address the challenges of fuzzing, during applicaton layer penetration tests and security assessments. Designed for fuzzing web applications. Open-source and free. Written in Java. Scriptable. Fuzzer Workflow Select fuzzers Send requests Collect responses Compare results Building a fuzzer entails a\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/www.webadminblog.com\/index.php\/2008\/09\/24\/jbrofuzz-building-a-java-fuzzer-for-the-web-owasp-appsec-nyc-2008\/\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2008-09-24T18:31:51+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2008-09-24T18:31:51+00:00\" \/>\n\t\t<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n\t\t<meta name=\"twitter:title\" content=\"JBroFuzz: Building a Java Fuzzer for the Web \u2013 OWASP AppSec NYC 2008 | Web Admin Blog\" \/>\n\t\t<meta name=\"twitter:description\" content=\"This presentation was by Yiannis Pavlosoglou who is the developer on the OWASP fuzzing project. Address the challenges of fuzzing, during applicaton layer penetration tests and security assessments. Designed for fuzzing web applications. Open-source and free. Written in Java. Scriptable. Fuzzer Workflow Select fuzzers Send requests Collect responses Compare results Building a fuzzer entails a\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/2008\\\/09\\\/24\\\/jbrofuzz-building-a-java-fuzzer-for-the-web-owasp-appsec-nyc-2008\\\/#article\",\"name\":\"JBroFuzz: Building a Java Fuzzer for the Web \\u2013 OWASP AppSec NYC 2008 | Web Admin Blog\",\"headline\":\"JBroFuzz: Building a Java Fuzzer for the Web &#8211; OWASP AppSec NYC 2008\",\"author\":{\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/author\\\/jsokol\\\/#author\"},\"publisher\":{\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/#organization\"},\"datePublished\":\"2008-09-24T13:31:51-05:00\",\"dateModified\":\"2008-09-24T13:31:51-05:00\",\"inLanguage\":\"en-US\",\"commentCount\":1,\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/2008\\\/09\\\/24\\\/jbrofuzz-building-a-java-fuzzer-for-the-web-owasp-appsec-nyc-2008\\\/#webpage\"},\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/2008\\\/09\\\/24\\\/jbrofuzz-building-a-java-fuzzer-for-the-web-owasp-appsec-nyc-2008\\\/#webpage\"},\"articleSection\":\"OWASP AppSec NYC 2008, application, appsec, fuzzer, jbrofuzz, owasp, Security\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/2008\\\/09\\\/24\\\/jbrofuzz-building-a-java-fuzzer-for-the-web-owasp-appsec-nyc-2008\\\/#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.webadminblog.com#listItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.webadminblog.com\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/category\\\/conferences\\\/#listItem\",\"name\":\"Conferences\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/category\\\/conferences\\\/#listItem\",\"position\":2,\"name\":\"Conferences\",\"item\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/category\\\/conferences\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/category\\\/conferences\\\/owasp-appsec-nyc-2008\\\/#listItem\",\"name\":\"OWASP AppSec NYC 2008\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.webadminblog.com#listItem\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/category\\\/conferences\\\/owasp-appsec-nyc-2008\\\/#listItem\",\"position\":3,\"name\":\"OWASP AppSec NYC 2008\",\"item\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/category\\\/conferences\\\/owasp-appsec-nyc-2008\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/2008\\\/09\\\/24\\\/jbrofuzz-building-a-java-fuzzer-for-the-web-owasp-appsec-nyc-2008\\\/#listItem\",\"name\":\"JBroFuzz: Building a Java Fuzzer for the Web &#8211; OWASP AppSec NYC 2008\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/category\\\/conferences\\\/#listItem\",\"name\":\"Conferences\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/2008\\\/09\\\/24\\\/jbrofuzz-building-a-java-fuzzer-for-the-web-owasp-appsec-nyc-2008\\\/#listItem\",\"position\":4,\"name\":\"JBroFuzz: Building a Java Fuzzer for the Web &#8211; OWASP AppSec NYC 2008\",\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/category\\\/conferences\\\/owasp-appsec-nyc-2008\\\/#listItem\",\"name\":\"OWASP AppSec NYC 2008\"}}]},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/#organization\",\"name\":\"Web Admin Blog\",\"description\":\"Real Web Admins.  Real World Experience.\",\"url\":\"https:\\\/\\\/www.webadminblog.com\\\/\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/author\\\/jsokol\\\/#author\",\"url\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/author\\\/jsokol\\\/\",\"name\":\"Josh\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/2008\\\/09\\\/24\\\/jbrofuzz-building-a-java-fuzzer-for-the-web-owasp-appsec-nyc-2008\\\/#authorImage\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/17951f69795527f90a4e9cb75ad6c9b3?s=96&d=identicon&r=pg\",\"width\":96,\"height\":96,\"caption\":\"Josh\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/2008\\\/09\\\/24\\\/jbrofuzz-building-a-java-fuzzer-for-the-web-owasp-appsec-nyc-2008\\\/#webpage\",\"url\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/2008\\\/09\\\/24\\\/jbrofuzz-building-a-java-fuzzer-for-the-web-owasp-appsec-nyc-2008\\\/\",\"name\":\"JBroFuzz: Building a Java Fuzzer for the Web \\u2013 OWASP AppSec NYC 2008 | Web Admin Blog\",\"description\":\"This presentation was by Yiannis Pavlosoglou who is the developer on the OWASP fuzzing project. Address the challenges of fuzzing, during applicaton layer penetration tests and security assessments. Designed for fuzzing web applications. Open-source and free. Written in Java. Scriptable. Fuzzer Workflow Select fuzzers Send requests Collect responses Compare results Building a fuzzer entails a\",\"inLanguage\":\"en-US\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/2008\\\/09\\\/24\\\/jbrofuzz-building-a-java-fuzzer-for-the-web-owasp-appsec-nyc-2008\\\/#breadcrumblist\"},\"author\":{\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/author\\\/jsokol\\\/#author\"},\"creator\":{\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/index.php\\\/author\\\/jsokol\\\/#author\"},\"datePublished\":\"2008-09-24T13:31:51-05:00\",\"dateModified\":\"2008-09-24T13:31:51-05:00\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/#website\",\"url\":\"https:\\\/\\\/www.webadminblog.com\\\/\",\"name\":\"Web Admin Blog\",\"description\":\"Real Web Admins.  Real World Experience.\",\"inLanguage\":\"en-US\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.webadminblog.com\\\/#organization\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO -->\n\n","aioseo_head_json":{"title":"JBroFuzz: Building a Java Fuzzer for the Web \u2013 OWASP AppSec NYC 2008 | Web Admin Blog","description":"This presentation was by Yiannis Pavlosoglou who is the developer on the OWASP fuzzing project. Address the challenges of fuzzing, during applicaton layer penetration tests and security assessments. Designed for fuzzing web applications. Open-source and free. Written in Java. Scriptable. Fuzzer Workflow Select fuzzers Send requests Collect responses Compare results Building a fuzzer entails a","canonical_url":"https:\/\/www.webadminblog.com\/index.php\/2008\/09\/24\/jbrofuzz-building-a-java-fuzzer-for-the-web-owasp-appsec-nyc-2008\/","robots":"max-image-preview:large","keywords":"","webmasterTools":{"miscellaneous":""},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.webadminblog.com\/index.php\/2008\/09\/24\/jbrofuzz-building-a-java-fuzzer-for-the-web-owasp-appsec-nyc-2008\/#article","name":"JBroFuzz: Building a Java Fuzzer for the Web \u2013 OWASP AppSec NYC 2008 | Web Admin Blog","headline":"JBroFuzz: Building a Java Fuzzer for the Web &#8211; OWASP AppSec NYC 2008","author":{"@id":"https:\/\/www.webadminblog.com\/index.php\/author\/jsokol\/#author"},"publisher":{"@id":"https:\/\/www.webadminblog.com\/#organization"},"datePublished":"2008-09-24T13:31:51-05:00","dateModified":"2008-09-24T13:31:51-05:00","inLanguage":"en-US","commentCount":1,"mainEntityOfPage":{"@id":"https:\/\/www.webadminblog.com\/index.php\/2008\/09\/24\/jbrofuzz-building-a-java-fuzzer-for-the-web-owasp-appsec-nyc-2008\/#webpage"},"isPartOf":{"@id":"https:\/\/www.webadminblog.com\/index.php\/2008\/09\/24\/jbrofuzz-building-a-java-fuzzer-for-the-web-owasp-appsec-nyc-2008\/#webpage"},"articleSection":"OWASP AppSec NYC 2008, application, appsec, fuzzer, jbrofuzz, owasp, Security"},{"@type":"BreadcrumbList","@id":"https:\/\/www.webadminblog.com\/index.php\/2008\/09\/24\/jbrofuzz-building-a-java-fuzzer-for-the-web-owasp-appsec-nyc-2008\/#breadcrumblist","itemListElement":[{"@type":"ListItem","@id":"https:\/\/www.webadminblog.com#listItem","position":1,"name":"Home","item":"https:\/\/www.webadminblog.com","nextItem":{"@type":"ListItem","@id":"https:\/\/www.webadminblog.com\/index.php\/category\/conferences\/#listItem","name":"Conferences"}},{"@type":"ListItem","@id":"https:\/\/www.webadminblog.com\/index.php\/category\/conferences\/#listItem","position":2,"name":"Conferences","item":"https:\/\/www.webadminblog.com\/index.php\/category\/conferences\/","nextItem":{"@type":"ListItem","@id":"https:\/\/www.webadminblog.com\/index.php\/category\/conferences\/owasp-appsec-nyc-2008\/#listItem","name":"OWASP AppSec NYC 2008"},"previousItem":{"@type":"ListItem","@id":"https:\/\/www.webadminblog.com#listItem","name":"Home"}},{"@type":"ListItem","@id":"https:\/\/www.webadminblog.com\/index.php\/category\/conferences\/owasp-appsec-nyc-2008\/#listItem","position":3,"name":"OWASP AppSec NYC 2008","item":"https:\/\/www.webadminblog.com\/index.php\/category\/conferences\/owasp-appsec-nyc-2008\/","nextItem":{"@type":"ListItem","@id":"https:\/\/www.webadminblog.com\/index.php\/2008\/09\/24\/jbrofuzz-building-a-java-fuzzer-for-the-web-owasp-appsec-nyc-2008\/#listItem","name":"JBroFuzz: Building a Java Fuzzer for the Web &#8211; OWASP AppSec NYC 2008"},"previousItem":{"@type":"ListItem","@id":"https:\/\/www.webadminblog.com\/index.php\/category\/conferences\/#listItem","name":"Conferences"}},{"@type":"ListItem","@id":"https:\/\/www.webadminblog.com\/index.php\/2008\/09\/24\/jbrofuzz-building-a-java-fuzzer-for-the-web-owasp-appsec-nyc-2008\/#listItem","position":4,"name":"JBroFuzz: Building a Java Fuzzer for the Web &#8211; OWASP AppSec NYC 2008","previousItem":{"@type":"ListItem","@id":"https:\/\/www.webadminblog.com\/index.php\/category\/conferences\/owasp-appsec-nyc-2008\/#listItem","name":"OWASP AppSec NYC 2008"}}]},{"@type":"Organization","@id":"https:\/\/www.webadminblog.com\/#organization","name":"Web Admin Blog","description":"Real Web Admins.  Real World Experience.","url":"https:\/\/www.webadminblog.com\/"},{"@type":"Person","@id":"https:\/\/www.webadminblog.com\/index.php\/author\/jsokol\/#author","url":"https:\/\/www.webadminblog.com\/index.php\/author\/jsokol\/","name":"Josh","image":{"@type":"ImageObject","@id":"https:\/\/www.webadminblog.com\/index.php\/2008\/09\/24\/jbrofuzz-building-a-java-fuzzer-for-the-web-owasp-appsec-nyc-2008\/#authorImage","url":"https:\/\/secure.gravatar.com\/avatar\/17951f69795527f90a4e9cb75ad6c9b3?s=96&d=identicon&r=pg","width":96,"height":96,"caption":"Josh"}},{"@type":"WebPage","@id":"https:\/\/www.webadminblog.com\/index.php\/2008\/09\/24\/jbrofuzz-building-a-java-fuzzer-for-the-web-owasp-appsec-nyc-2008\/#webpage","url":"https:\/\/www.webadminblog.com\/index.php\/2008\/09\/24\/jbrofuzz-building-a-java-fuzzer-for-the-web-owasp-appsec-nyc-2008\/","name":"JBroFuzz: Building a Java Fuzzer for the Web \u2013 OWASP AppSec NYC 2008 | Web Admin Blog","description":"This presentation was by Yiannis Pavlosoglou who is the developer on the OWASP fuzzing project. Address the challenges of fuzzing, during applicaton layer penetration tests and security assessments. Designed for fuzzing web applications. Open-source and free. Written in Java. Scriptable. Fuzzer Workflow Select fuzzers Send requests Collect responses Compare results Building a fuzzer entails a","inLanguage":"en-US","isPartOf":{"@id":"https:\/\/www.webadminblog.com\/#website"},"breadcrumb":{"@id":"https:\/\/www.webadminblog.com\/index.php\/2008\/09\/24\/jbrofuzz-building-a-java-fuzzer-for-the-web-owasp-appsec-nyc-2008\/#breadcrumblist"},"author":{"@id":"https:\/\/www.webadminblog.com\/index.php\/author\/jsokol\/#author"},"creator":{"@id":"https:\/\/www.webadminblog.com\/index.php\/author\/jsokol\/#author"},"datePublished":"2008-09-24T13:31:51-05:00","dateModified":"2008-09-24T13:31:51-05:00"},{"@type":"WebSite","@id":"https:\/\/www.webadminblog.com\/#website","url":"https:\/\/www.webadminblog.com\/","name":"Web Admin Blog","description":"Real Web Admins.  Real World Experience.","inLanguage":"en-US","publisher":{"@id":"https:\/\/www.webadminblog.com\/#organization"}}]},"og:locale":"en_US","og:site_name":"Web Admin Blog | Real Web Admins.  Real World Experience.","og:type":"article","og:title":"JBroFuzz: Building a Java Fuzzer for the Web \u2013 OWASP AppSec NYC 2008 | Web Admin Blog","og:description":"This presentation was by Yiannis Pavlosoglou who is the developer on the OWASP fuzzing project. Address the challenges of fuzzing, during applicaton layer penetration tests and security assessments. Designed for fuzzing web applications. Open-source and free. Written in Java. Scriptable. Fuzzer Workflow Select fuzzers Send requests Collect responses Compare results Building a fuzzer entails a","og:url":"https:\/\/www.webadminblog.com\/index.php\/2008\/09\/24\/jbrofuzz-building-a-java-fuzzer-for-the-web-owasp-appsec-nyc-2008\/","article:published_time":"2008-09-24T18:31:51+00:00","article:modified_time":"2008-09-24T18:31:51+00:00","twitter:card":"summary_large_image","twitter:title":"JBroFuzz: Building a Java Fuzzer for the Web \u2013 OWASP AppSec NYC 2008 | Web Admin Blog","twitter:description":"This presentation was by Yiannis Pavlosoglou who is the developer on the OWASP fuzzing project. Address the challenges of fuzzing, during applicaton layer penetration tests and security assessments. Designed for fuzzing web applications. Open-source and free. Written in Java. Scriptable. Fuzzer Workflow Select fuzzers Send requests Collect responses Compare results Building a fuzzer entails a"},"aioseo_meta_data":{"post_id":"92","title":null,"description":null,"keywords":null,"keyphrases":null,"primary_term":null,"canonical_url":null,"og_title":null,"og_description":null,"og_object_type":"default","og_image_type":"default","og_image_url":null,"og_image_width":null,"og_image_height":null,"og_image_custom_url":null,"og_image_custom_fields":null,"og_video":null,"og_custom_url":null,"og_article_section":null,"og_article_tags":null,"twitter_use_og":false,"twitter_card":"default","twitter_image_type":"default","twitter_image_url":null,"twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_title":null,"twitter_description":null,"schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"ProductReview":[],"Car":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"","isEnabled":true},"graphs":[]},"schema_type":"default","schema_type_options":null,"pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":null,"robots_max_videopreview":null,"robots_max_imagepreview":"large","priority":null,"frequency":null,"local_seo":null,"breadcrumb_settings":null,"limit_modified_date":false,"ai":null,"created":"2025-01-03 22:53:01","updated":"2025-07-17 07:09:27","seo_analyzer_scan_date":null},"aioseo_breadcrumb":"<div class=\"aioseo-breadcrumbs\"><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/www.webadminblog.com\" title=\"Home\">Home<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/www.webadminblog.com\/index.php\/category\/conferences\/\" title=\"Conferences\">Conferences<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/www.webadminblog.com\/index.php\/category\/conferences\/owasp-appsec-nyc-2008\/\" title=\"OWASP AppSec NYC 2008\">OWASP AppSec NYC 2008<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\tJBroFuzz: Building a Java Fuzzer for the Web \u2013 OWASP AppSec NYC 2008\n\t\t<\/span><\/div>","aioseo_breadcrumb_json":[{"label":"Home","link":"https:\/\/www.webadminblog.com"},{"label":"Conferences","link":"https:\/\/www.webadminblog.com\/index.php\/category\/conferences\/"},{"label":"OWASP AppSec NYC 2008","link":"https:\/\/www.webadminblog.com\/index.php\/category\/conferences\/owasp-appsec-nyc-2008\/"},{"label":"JBroFuzz: Building a Java Fuzzer for the Web &#8211; OWASP AppSec NYC 2008","link":"https:\/\/www.webadminblog.com\/index.php\/2008\/09\/24\/jbrofuzz-building-a-java-fuzzer-for-the-web-owasp-appsec-nyc-2008\/"}],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/pfI0c-1u","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts\/92","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/comments?post=92"}],"version-history":[{"count":2,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts\/92\/revisions"}],"predecessor-version":[{"id":94,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts\/92\/revisions\/94"}],"wp:attachment":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/media?parent=92"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/categories?post=92"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/tags?post=92"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}