Category:OWASP JBroFuzz Project - Version 1.5 Release - Roadmap

what is this release?

Name: JBroFuzz 1.6 - September 2009 - download

Main Features:

1 - Introduces a new Encoder/Hash window, under options for Base64, MD5, SHA-1, SHA-256, SHA-384, SHA-512 and URL (UTF-8) encoded text.
2 - A number of SQL Injection payloads have been included, including blind MS SQL Injection and injection for MySQL.
3 - The org.owasp.jbrofuzz.core APIs have been extended and documented for better standalone usability of the JBroFuzz.jar file. Examples will follow on the "JBroFuzz Tutorial" page on the website.
4 - On the HTTP or HTTPS connection, resubmission of any POST data in the event of a '100 Continue' has been put in place.
5 - In the 'Properties' window of an 'Output' request, a search mechanism has been implemented.

who is working on this release?
Release Leader: Subere

Release Contributor(s):

Release Reviewer(s): Matt Tesauro, Leonardo Cavallari Militelli

Release Mentor(s): if any

Release Sponsor(s): if any

how can you learn more?
Release Flyer/Pamphlet:


Release Main Links: download

Release Assessment: Not reviewed/Targeted at Stable Release

Release reviewed under Assessment Criteria v2.0

1.1 -> Current Version -> 1.5 -> 2.1

This roadmap presents a number of tasks which will carry JBroFuzz through to its 2.0 release. Each of the tasks specified below begins with the likely version number at which the issue (bug or feature) will be addressed. Generally, bugs take priority over features, yet some features involve architectural changes that address a lot of bugs together.

Before diving into individual (and more technical) tasks we present a list of goals and objectives for JBroFuzz:

  • 1.0 Achieve a stable fuzzing platform
  • 1.2 Establish a fuzzing file format
  • 1.3 Address logging functionality
  • 1.5 Add the final "Testing" tab
  • 1.6 Bring all code up to Java 6
  • 1.8 Expose the org.owasp.jbrofuzz API
  • 1.9 Focus on UI functionality
  • 2.0 Landmark release
  • 2.1 Address bugs/features

The above list acts as a breakdown of this project's roadmap.

Major

1.3 Revisit Logging Functionality, defining levels of logging
[INFO]: show on screen and log
[OPERATIONAL]: Something is up/log
[WARNING]: log / increment counter
[SHOUT]: Warning + Show system tab
[ERROR]: Shout + stop all process + clear memory + give info finding as recommendation

1.4 Ctrl+N to also create a point to a new directory in fuzz
1.4 Return meaningful exceptions in the event of malformed data being passed
E.g. URL: ftp:// gives port = -1
1.4 Implement the XFuzzer being the cross product of two fuzzers
1.3 SSL Error(s) of unsigned|badly signed certificates request

Minor

1.3 SOCKS v5 Proxy Support
1.3 Add a system tray for checking for an update while starting
1.3 "Open in Browser" to work while fuzzing is still going

1.3 Add in the Format Menu the ability to change font type in the graphs
1.3 Right Click on Response Table in Fuzzing and Graphing
1.4 Be able to stop a graph while plotting
1.5 Format the source code to apache standards
1.6 Lose the SwingWorker3 class used
1.3 Ctrl-W does not clear the Payloads Table


Massive

1.8 Implement a "Testing" tab in which a user solely specifies a URL and all testing is carried out automatically
