Home

Awesome

Mobile Application Fuzzer via SSL MITM (mbfuzzer)

Development Platform : Ruby 2.0

MBFuzzer will be developed for MITM (Man in the Middle) Fuzzing. Mobile applications use HTTP, SOAP, XML and JSON based data streams for communicate the servers. Many mobile applications use SSL Connect method for server communication. This method should be converted to HTTPS GET/POST method for MITM attacks. MBFuzzer will provide HTTP/HTTPS Proxy functionality and Real-Time Fuzzing feature with HTTP Connect conversion support.

Features

Inspired Projects

Project Team Requirements

Installation

Fuzzing Templates

Search & Replace

Purpose of the search & replace structure is finding target element name and changing value of the element according to url. The url field could be any key in the url instead of whole address.

<searchreplace>
    <url> [target url address] </url>
    <target> [element name ] </target>
    <newdata> [replaced data] </newdata>
</searchreplace>

Big Data Entry

Big Data Entry structure aims that applying big character set inorder to give vulnerability information with using data and count tags by element name. Url feature is the same like search and replace structure.

<bigdata>
    <url> [target url address] </url>
    <name> [element name] </name>
    <data> [repeated data] </data>
    <count> [number of repetitions] </count>
</bigdata>

Usage