lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <200709041936.27684.timb@nth-dimension.org.uk>
Date: Tue, 4 Sep 2007 19:36:27 +0100
From: Tim Brown <timb@...-dimension.org.uk>
To: bugtraq@...urityfocus.com
Subject: Tutorial on Fuzzled

In preparation for the imminent release of Fuzzled 1.1, I spent this evening 
writing a short paper entitled "Writing a fuzzer using the Fuzzled 
framework".

The paper includes some of the techniques I use to dismantle protocols 
including documentation, observation and static analysis.  It then moves on 
to the fundamentals of implementing a protocol using the framework.  I talk 
about base requests, namespaces and tieing them together with factories with 
reference to Fuzzled::Protocol::HTTP, an example included in the framework.  
The paper also highlights a few tricks to the framework, including developing 
multi-threaded fuzzers, identifying offsets and parsing packets.  It ends  
with my techniques to identify vulnerabilities highlighted by fuzzers.

I'm sure none of the techniques themselves are new, but the application of 
them in the context of using the Fuzzled framework may provide some 
inspiration to others.

The full paper can be found at: 
http://www.nth-dimension.org.uk/utils/get.php?downloadsid=35.

Cheers,
Tim

PS If anyone wants to try a release candidate of Fuzzled 1.1, contact me off 
list and we'll see what we can do.
-- 
Tim Brown
<mailto:timb@...-dimension.org.uk>
<http://www.nth-dimension.org.uk/>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ