This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Category:OWASP JBroFuzz Project - Version 1.5 Release - Roadmap
| what | is this release? |
|---|---|
|
Name: JBroFuzz 1.6 - September 2009 - download Main Features: 1 - introduces a new Encoder/Hash window, under options for Base64, MD5, SHA-1, SHA-256, SHA-384, SHA-512 and URL (UTF-8) encoded text. 2 - a number of SQL Injection payloads have been included, including blind MS SQL Injection and injection for mySQL. 3 - the org.owasp.jbrofuzz.core APIs have been extended and documented for better standalone usability of the JBroFuzz.jar file. Examples will follow on the "JBroFuzz Tutorial" page on the website. 4 - on the HTTP or HTTPS connection, the implementation to resubmit any POST data in the event of a '100 Continue' has been put in place. 5 - the 'Properties' window of an 'Output' request, a search mechanism has been implemented. | |
| who | is working on this release? |
| Release Leader: Subere
Release Contributor(s): Release Reviewer(s): Matt Tesauro, Leonardo Cavallari Militelli Release Mentor(s): if any Release Sponsor(s): if any | |
| how | can you learn more? |
| Release Flyer/Pamphlet:
Release Notes: {{{Release Notes}}} Release Main Links: download Release Assessment: Release reviewed under Assessment Criteria v2.0 | |
1.1 -> Current Version -> 1.5 -> 2.1
This roadmap presents a number of tasks which will carry JBroFuzz through to its 2.0 release. Each of the tasks specified below, begins with the likely version number at which the issue (bug or feature) will be addressed. Generally, bugs take priority over features, yet some features involve architectural changes that address a lot of bugs, together.
Before diving into individual (and more technical) tasks we present a list of goals and objectives for JBroFuzz:
- 1.0 Achieve a stable fuzzing platform
- 1.2 Establish a fuzzing file format
- 1.3 Address logging functionality
- 1.5 Add the final "Testing" tab
- 1.6 Bring all code up to java 6
- 1.8 Expose the org.owasp.jbrofuzz API
- 1.9 Focus on UI functionality
- 2.0 Landmark release
- 2.1 Address bugs/features
The above aim to act as a breakdown of the roadmap that this project has.
Major
1.3 Revisit Logging Functionality, defining levels of logging
[INFO]: show on screen and log
[OPERATIONAL]: Something is up/log
[WARNING]: log / increment counter
[SHOUT]: Warning + Show system tab
[ERROR]: Shout + stop all process + clear memory + give info finding as recommendation
1.4 Ctrl+N to also create a point to a new directory in fuzz
1.4 Return meaningful exceptions in the event of malformed data being passed
E.g. URL: ftp:// gives port = -1
1.4 Implement the XFuzzer being the cross product of two fuzzers
1.3 SSL Error(s) of unsigned|badly signed certificates request
Minor
1.3 SOCKS v5 Proxy Support
1.3 Add a system tray for checking for an update while starting
1.3 "Open in Browser" to work while fuzzing is still going
1.3 Add in the Format Menu the ability to change font type in the graphs
1.3 Right Click on Response Table in Fuzzing and Graphing
1.4 Be able to stop a graph while plotting
1.5 Format the source code to apache standards
1.6 Loose the SwingWorker3 class used
1.3 Ctrl-W does not clear the Payloads Table
Massive
1.8 Implement a "Testing" tab in which a user solely specifies a URL and all testing is carried out automatically
This category currently contains no pages or media.
