Websecurify

Regular updates about Websecurify free and premium website scanners, proxies, fuzzers and insight knowledge about SQL Injection, Cross-site Scripting and other vulnerabilities

Landing Xmlfuzz

We did it. Xmlfuzz is the latest tool we made available online and it is awesome. It reuses the same slick user interface from Jsonfuzz. It fully understands XML and can test the weirdest and most complex XML structures you can think of. A brief introduction to the tool plus details can be found here.

Xmlfuzz is designed to be as general purpose as possible. While it can be used to test XMLRPC and SOAP-based XML services, it works with pretty much any web application that accepts XML input. In other words, it will work perfectly fine on any Ajax XML service you can find.

Just like Jsonfuzz, Xmlfuzz will require some tuning over the next couple of weeks. In particular, we want to improve the payloads that we send as part of the fuzz cycles. At the moment the list is not comprehensive. However, anybody who has been following us on Twitter, Facebook and Google+ knows these changes will be smoothly rolled into production without you even realising.

So, keep testing and let us know how to make the tool even better.

pdp

Petko D. Petkov (pdp) is founder of Websecurify and frontman of the GNUCITIZEN Information Security Think Tank. pdp is a recognized information security researcher, security tools developer, penetration tester, frequent speaker at industry events, and published author who has contributed to several best-selling books in the field of information security.
