Blazer is a custom AMF message generator with fuzzing capabilities, developed as a Burp Suite plugin. It is designed and implemented to make AMF testing easy while still allowing researchers to fully control the entire security testing process.
Using Blazer, testing AMF-based applications is easier and more robust. As it is highly integrated in a well-known testing suite, web security practitioners can start to use the tool with minimal setup in a few seconds.
Blazer implements a new testing approach, introduced at Black Hat USA 2012. This automated gray-box testing technique allows security researchers to improve the coverage and the effectiveness of fuzzing efforts targeting complex applications.
For further details, please refer to the original whitepaper and presentation.
Features
- Automatic Java object generation from method signatures via Java reflection and “best-fit” heuristics
- Fuzzing capabilities, with customizable data pools and attack vectors
- Ability to start, pause, restore and stop testing
- Easy-to-use internal methods to construct custom AMF messages
- Embedded BeanShell for manual testing
- Highly integrated in Burp Suite
- Support for Java server-side remoting technologies (Adobe BlazeDS, Adobe LiveCycle Data Services, GraniteDS, …)
Blazer has been developed in Java as a Burp Suite plugin and released under the GNU General Public License. Burp plugins are supported by both versions (free and professional) of the Burp Suite. All major operating systems (Windows, Mac, Linux) with a standard Oracle JRE installed are supported by Blazer.