AJPFuzzer - A command-line fuzzer for Apache JServ Protocols.

AJPFuzzer – A command-line fuzzer for Apache JServ Protocols.

AJPFuzzer is a rudimental fuzzer for the Apache JServ Protocol (ajp13).
Built on top of libajp13, the tool allows you to create and send AJP messages using an easy-to-use command line interface. AJPFuzzer can craft properly formatted AJP13 messages (all message types) as well as mutations (e.g. bit flipping, messages with type mismatch, etc.), which facilitates security testing efforts targeting AJP-based services like web servers AJP modules, J2EE containers, and many others.

Dependencies:
+ Java JDK 7-8

ajpfuzzer

AJPFuzzer provides the following test cases:
1. body – Send a body message from the web server to the J2EE container
2. forwardrequest – Begin the request processing cycle from the web server to the J2EE container
3. sendbodychunk – Send a chunk of the body from the J2EE container to the web server
4. sendheaders – Send the response headers from the J2EE container to the web server
5. endresponse – Mark the end of the response, from the J2EE container to the web server
6. getbodychunk – Get further data from the requestor. Message from the J2EE container to the web server
7. shutdown – Send a standard shutdown AJP13 packet
8. ping – Send a ping (ping != CPing) AJP13 packet
9. cpong – Send a CPong AJP13 packet
10. cping – Send a CPing AJP13 packet
11. forwardreqalltypes – Send a ForwardRequest AJP13 packet, with all possible packet types
12. verbtampering – Send multiple requests via AJP13 and do HTTP Verb Tampering, to detect potential authentication bypass flaws
13. jettyleak – Send a JettyLeak style AJP13 packet
14. hugelengthsmallbody – Send ForwardRequest+Body messages, with a big Content-Length and small Body
15. hugeheader – Send two AJP13 ForwardRequest packets with header length greater than 0x9999 (e.g. A010)
16. fuzzbit – Create a complex AJP13 ForwardRequest and start bit flipping
17. fuzzslice – Create an AJP13 ForwardRequest, SendHeaders, ShutDown, 0xFF, 0x00. Slice and send.
18. servletpath – Create an AJP13 ForwardRequest with arbitrary ‘servlet_path’ attribute
19. bypassauthnull – Create two AJP13 ForwardRequest with auth_type set to ‘null’
20. envars – Create an AJP13 ForwardRequest with req_attribute_code (10) in order to set arbitrary environmental variables
21. hugepacketsize – Create two AJP13 requests with size > 8192 bytes
22. dirtraversal – Create an AJP13 ForwardRequest (GET) with multiple directory traversal payloads

Usage:

Source: https://github.com/doyensec/ajpfuzzer