Haptyc: A Library for Building Microfuzzers in Turbo Intruders | @defparam

Дата: 27.09.2021. Автор: CISO CLUB. Категории: Подкасты и видео по информационной безопасности

When James Kettle introduced Turbo Intruder back in 2019 the goal was always speed. When one compares Turbo Intruder to traditional Intruder several features are noticeably absent. Firstly, the ability to define multiple user-defined positions. Secondly, the ability to orchestrate battering ram and cluster bomb style of attacks. Lastly, the ability to mutate user-defined positions and to perform all of this using elegant and modular python code. Hyptyc is a python library and testing framework whose mission is to add these capabilities into Turbo Intruder so that it is at 90% feature parity to traditional Intruder. By allowing hackers to define “Haptyc transform tags” as a pseudo-markup for their requests, they can create positions in Turbo Intruder and develop code on how they would like to mutate these positions per request. Because Haptyc transforms are modular and generic in nature this also makes each implementation portable and re-usable across different HTTP requests which reduces the amount of request-specific spaghetti code inside python. Beginner hackers who don’t understand python can use Haptyc examples as-is to perform powerful fuzzing attacks. Advanced hackers familiar with python and Turbo Intruder can develop very powerful sophisticated fuzzers with this framework


Об авторе CISO CLUB

Редакция портала cisoclub.ru. Добавляйте ваш материал на сайт в разделе "Разместить публикацию".
Читать все записи автора CISO CLUB

Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *