Questions tagged [fuzzing]

Fuzzing is a testing technique that consists of passing malformed data as input to a program in order to uncover vulnerabilities in how the program handles that malformed input.

102 questions
What is the purpose of a fuzzer? (29 votes, 4 answers)

I've heard of these tools and from what I understand, they just send tons of random data at different services and observe their reaction to it. What is the purpose of a fuzzer? How can it be applied during a pentest?
Asked by Digital fire
Best way to triage crashes found via fuzzing, on Linux? (14 votes, 4 answers)

When doing fuzz testing, it is easy to end up with many bugs (many crashes). This makes it important to have a way to triage each bug that's detected, so we can prioritize them and focus our effort on the ones that are most likely to represent…
Asked by D.W.
How should I compile program for fuzz testing? (7 votes, 3 answers)

I'm doing some fuzz testing of a program for which I do have source code. Should I compile the program with any particular compiler options, to make fuzz testing more effective? If so, what's the right list of command-line flags to pass to the…
Asked by D.W.
Fuzzing of audio input vectors (7 votes, 1 answer)

A few days ago I had to make a phone call, and on the other end of the line was some machine using voice recognition software to validate the customer's spoken answers to the service menu. I asked myself if it would be possible to fuzz this kind…
Asked by Dirk
How to see results of protocol fuzzing (5 votes, 2 answers)

Had a class today about protocol fuzzing whereby my professor explained fuzzing in a lot of detail, but neglected to explain how someone would actually measure a fuzzing process. So how would you actually do this? Would a simple Wireshark capture…
Asked by Papantonia
How should I configure OS for fuzz testing? (4 votes, 3 answers)

Should I configure my OS in any particular way, if I'm going to be doing some fuzz testing? Should I turn off ASLR (address space randomization)? Does it matter?
Asked by D.W.
Work on fuzzing of PDF file format (4 votes, 2 answers)

What work has been done on fuzzing of the PDF file format? I'm looking for work that focuses specifically on PDF, and is aware of the PDF file format. Has there been past work that builds format-aware tools for fuzzing PDF? Perhaps format-aware…
Asked by D.W.
Fuzzing authenticated part of web application (3 votes, 1 answer)

I have a web application I am wanting to fuzz. It consists of a lot of REST webservice gets/puts. I have been considering using Sulley Fuzzing Framework or its successor boofuzz. Since the jsessionid and/or other authentication cookies change for…
Asked by dnraikes
How can I fuzz standalone applications? (3 votes, 1 answer)

How can I fuzz standalone applications? I can't seem to wrap my head around how a fuzzer can "feed" fuzz data to a standalone application. Most online resources use web servers as examples. The other resources give examples like opening a…
Asked by han
Sulley - Logic behind primitives (3 votes, 1 answer)

Are Sulley's primitives used to build a description of the protocol, or to specify what kind of data we want to generate? Let's take for instance the following primitive: s_string("ok", encoding="ascii"). In the first case, it would mean the protocol…
Asked by Othman
How do I pass a list of cookies to Wfuzz? (1 vote, 2 answers)

I know that you can pass cookies in Wfuzz by using multiple -b parameters like so: wfuzz -w /path/to/wordlist -b cookie1=foo -b cookie2=bar http://example.com/FUZZ but I am wondering if you can pass a list of cookies, instead of doing them one by…
Asked by squelch
How to help the automated fuzzing community? (1 vote, 0 answers)

I can see there are great tools to do automated fuzzing: https://en.wikipedia.org/wiki/Fuzzing ex.: https://en.wikipedia.org/wiki/American_fuzzy_lop_(fuzzer) But how can a non-programmer help these groups? Are there any BOINC-like projects, where…
Asked by Hessnov
symbolic execution vs fuzzing (1 vote, 1 answer)

I think I understand the difference between fuzzing and symbolic execution especially when it comes to having a program that expects specific values (in this case symbolic execution will work and fuzzing probably won't). However, is there a reason…
Asked by rullzing
How to fuzz restricted shell? (0 votes, 0 answers)

I want to fuzz a restricted shell, which is a customized Linux shell. I can only run certain commands which are specific to the application; OS commands are not allowed to run. The shell looks as below after doing ssh to it. My goal is to fuzz the input…
Asked by Ajay
Fuzzer Mutators Packages for Python (0 votes, 0 answers)

I am creating a network fuzzer in Python and I am debating whether to use open-source mutators or create my own custom mutator. The fuzzing targets are proprietary network protocols. What I am looking for is some flexibility with the data types so I can do…
Asked by ystv