lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 4 Sep 2007 19:36:27 +0100 From: Tim Brown <timb@...-dimension.org.uk> To: bugtraq@...urityfocus.com Subject: Tutorial on Fuzzled In preparation for the imminent release of Fuzzled 1.1, I spent this evening writing a short paper entitled "Writing a fuzzer using the Fuzzled framework". The paper includes some of the techniques I use to dismantle protocols including documentation, observation and static analysis. It then moves on to the fundamentals of implementing a protocol using the framework. I talk about base requests, namespaces and tieing them together with factories with reference to Fuzzled::Protocol::HTTP, an example included in the framework. The paper also highlights a few tricks to the framework, including developing multi-threaded fuzzers, identifying offsets and parsing packets. It ends with my techniques to identify vulnerabilities highlighted by fuzzers. I'm sure none of the techniques themselves are new, but the application of them in the context of using the Fuzzled framework may provide some inspiration to others. The full paper can be found at: http://www.nth-dimension.org.uk/utils/get.php?downloadsid=35. Cheers, Tim PS If anyone wants to try a release candidate of Fuzzled 1.1, contact me off list and we'll see what we can do. -- Tim Brown <mailto:timb@...-dimension.org.uk> <http://www.nth-dimension.org.uk/>
Powered by blists - more mailing lists