Category:OWASP JBroFuzz Project - Roadmap

Introduction
JBroFuzz represents a stateless network protocol fuzzer for web applications. The focus of this tool is around being able to manipulate and submit a variety of different fuzzing requests over HTTP/S.

The long term goal of this project is to provide a stable fuzzing platform that spans a number of operating systems: A tool that penetration testers would want to have with them while testing a web application or service.

Currently, JBroFuzz carries a number of payloads and a collection of headers from different browsers on different platforms. The future of this tool will be highly invested in actually grouping these elements into categories of automated as well as manual testing.

Towards 2.0
JBroFuzz increments version numbers in 0.1 fashion; there are no minor, alpha or beta releases. Also the SVN repository carries a number of pre-release candidates of release level quality.

Further to this, there are a number of core fuzzing APIs (implemented in org.owasp.jbrofuzz.core) that allow for the custom implementation of fuzzing scripts in the java programming language.

By the time JBroFuzz reaches version 2.0, the core APIs will be in complete lockdown: There will be a code-freeze towards the available components of the jar file. This should enable developers and security professionals alike to use JBroFuzz.jar as a standard library for fuzzing in the form of unit testing.

Further Releases
There will always be incremental updates relating to UI components; from text highlighting to the addition and removal of particular payload values. The modular approach of JBroFuzz taken during its development, yields the ability to further continue and add shortcuts and automations of particular tasks.

What not to Expect
As a tool JBroFuzz will not try to imitate the usage of other fuzzing tools; still, the expansion, addition and different grouping of payload values within the fuzzers.jbrofuzz file will continue to follow current attack patterns and trends.

This standalone fuzzer, will not be the answer to all your fuzzing worries. If you are willing to spend a bit of time in knowning and selecting what you would like to fuzz and how, the future releases of this tool should be of interest to those engaged in security testing.