Sth. like this:
Can anybody link me to (or possibly upload) some good fuzzing lists for SQL Injection or XSS testing?
I'm playing with web application testing at the moment, and would like some good, comprehensive, long, lists that I can feed into tools like Burp.
Don't eat yellow snow :rolleyes:
Yep, exactly like that
Managed to find that one yesterday, but that was the only one that I could find
Does BackTrack3 have Burp? What other software on BackTrack3 can these types of lists for SQL injections can you plug this into?
Doubt very much that BT3 would have burp, I wouldn't have thought that the licencing conditions would allow it.
It should run in BT3 though, provided that the Java version is sufficiently new.
Isn't Burp commercial? Or is that only Burp Pro?
You can do custom injections in Firefox using TamperData (though I don't think there's a way to do a list of them). Maybe w3af?
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
Yep, Burp is a commercial product which is why I thought it unlikely to be distributed in BT3 (or 4, or 5, or whatever).
Anyway.....back to the sources of those lists