Bonsai Information Security - Research

XML Fuzzer


Untidy is a general purpose XML Fuzzer. It takes a valid XML as input and generates a set of modified, potentially invalid, XMLs based on the input. This fuzzer was part of a bigger project aimed at discovering vulnerabilities in the implementation of Web Service clients and servers. Now, the untidy XML fuzzer is also part of a generic fuzzer named Peach [0] which is available for download here [1].

Further information and usage examples can be found at the official Untidy website.