Mar 7, 2013

Yakindan Egitim: Mobile Application Fuzzer via SSL MITM

Yakindan Egitim project is started last week, it's a training project like Google Summer of Code. Homepage is, Blog address is and Github address is . 

I started a sub-project at Yakindan Egitim, Mobile Application Fuzzer via SSL MITM (mbfuzzer). I'm mentor of MBFuzzer and waiting for attendees. Also I'll code it, don't feel that you are alone. You could join the project if you are a student at any university and interested. Please visit our blog for further information.

Mobile Application Fuzzer via SSL MITM (mbfuzzer)

Project Home 

Development Platform : Ruby 2.0

MBFuzzer will be developed for MITM (Man in the Middle) Fuzzing. Mobile applications use HTTP, SOAP, XML and JSON based data streams for communicate the servers. Many mobile applications use SSL Connect method for server communication. This method should be converted to HTTPS GET/POST method for MITM attacks. MBFuzzer will provide HTTP/HTTPS Proxy functionality and Real-Time Fuzzing feature with HTTP Connect conversion support


  • HTTP/HTTP Proxy Support
  • HTTPS Connect Conversion Support
  • On-The-Fly Valid SSL certificate generation for target server
  • Real-Time Response/Request Fuzzing Support
  • Fake Service Installation via XML/JSON Templates
  • Supports Different Injection Payloads using Templates

Inspired Projects

Android Proxy -

Project Team Requirements

  • Good Understanding of SSL/TLS Technology
  • Ruby Development Skills
  • JSON & XML Knowledge
  • Fuzzing Knowledge