JBroFuzz - Java Based Network Protocol Fuzzer

JBroFuzz is a java based (exe currently part of this message) stateless network protocol fuzzer for penetration tests. It allows for the identification of certain classes of security bugs, by means of creating malformed data and having the network protocol in question consume the data.

Fuzzing can take place on any part of a socket request by means of specifying one or more generators. These generators can be hexadecimal, octal, decimal as well as binary. A version of a protocol sniffer acting as a TCP reflector is also included within the current implementation.

The current version supports a more robust set of generations, including basic cross site scripting checks (XSS) as well as basic SQL injection. A number of tests involving buffer overflows (BFO), format string errors (FSE) as well as integer overflows (INT) have been added. Also, a separate panel is present showing the definitions for each and actually what a generator performs.