Untidy is a Python-based XML fuzzer. It takes XML data as input and generates a set of modified, potentially invalid XML data based on the source input.
In a nutshell, fuzz testing is a software testing technique that sends random inputs to an application. If the target application contains a vulnerability that can lead to a crash, or to a server error (in the case of web applications), the failure can be detected and noted.
Usually, fuzzers are good at finding buffer overflows, denial-of-service conditions and web-related vulnerabilities such as SQL injection and XSS. Fuzzing is becoming an important part of penetration testing, and especially of software security, as it often finds odd defects that human testers would fail to find.
There are no prerequisites for using Untidy. Just download the file and extract its contents. We’ve provided a Python script that shows how to use Untidy. Enjoy!
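import os
import sys
import untidy

OUTPUT_DIRECTORY = "fuzzedXML"

def fuzz_file(xml_sample_file):
    xmlInput = open(xml_sample_file, "r").read()
    oXMLFuzzer = untidy.xmlFuzzer()
    fuzzedXMLs = oXMLFuzzer.fuzz(xmlInput)  # mutated variants of the sample
    if not os.path.isdir(OUTPUT_DIRECTORY):
        os.makedirs(OUTPUT_DIRECTORY)
    counter = 0
    for fuzzedXML in fuzzedXMLs:
        xml_output_file = os.path.basename(xml_sample_file) + str(counter)
        counter += 1
        full_path = OUTPUT_DIRECTORY + "/" + xml_output_file
        with open(full_path, "w") as out:  # one output file per variant
            out.write(fuzzedXML)

if __name__ == '__main__':
    if len(sys.argv) != 2:
        sys.exit("Enter sample XML file")
    input_xml_file = sys.argv[1]
    print("Mixing XML file %s...." % input_xml_file)
    fuzz_file(input_xml_file)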
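The script above stops at producing fuzzed documents; the other half of fuzz testing, feeding them to the target and noting which ones trigger errors, could look like the following. This is an added example, not part of Untidy or the original script: `order_total` is a hypothetical stand-in for the application under test, the sample cases are constructed rather than real Untidy output, and the code is written for Python 3.

```python
import os
import xml.etree.ElementTree as ET

def order_total(data):
    # Hypothetical application code under test: sums qty * price over <item>.
    root = ET.fromstring(data)
    return sum(int(i.get("qty")) * float(i.get("price")) for i in root.iter("item"))

def triage(data, target):
    """Classify one fuzz case as 'ok', 'rejected' or 'crash'."""
    try:
        target(data)
        return ("ok", None)
    except ET.ParseError:
        # Malformed XML refused by the parser: the expected, safe outcome.
        return ("rejected", None)
    except Exception as exc:
        # Any other exception is an unhandled error path worth a bug report.
        return ("crash", type(exc).__name__)

def run_corpus(cases, target):
    """Map each case name to its (verdict, exception name) pair."""
    return {name: triage(data, target) for name, data in cases.items()}

def load_cases(directory):
    """Read every file from the fuzzer's output directory, e.g. fuzzedXML."""
    cases = {}
    for name in sorted(os.listdir(directory)):
        with open(os.path.join(directory, name), "r", errors="replace") as f:
            cases[name] = f.read()
    return cases

# Constructed variants of one sample document (not real Untidy output).
SAMPLE_CASES = {
    "orig": '<order><item qty="2" price="1.5"/></order>',
    "unclosed": '<order><item qty="2" price="1.5"></order>',
    "empty": "",
    "missing_attr": '<order><item price="1.5"/></order>',
    "bad_number": '<order><item qty="2" price="AAAA"/></order>',
}

if __name__ == "__main__":
    for name, (verdict, exc) in run_corpus(SAMPLE_CASES, order_total).items():
        print("%-13s %-9s %s" % (name, verdict, exc or ""))
```

To triage real output, pass `load_cases("fuzzedXML")` and your own parsing entry point to `run_corpus`.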
I hope it has been a useful article.