| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <AANLkTimTfTsKr4jZe9z3sFCRk9H+Q5UwG_87QjnZPU3G@mail.gmail.com> Date: Mon, 26 Jul 2010 16:53:28 -0400 From: Dan Rosenberg <drosenberg@...curity.com> To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk Subject: FuzzDiff tool Hello, I'd like to announce FuzzDiff, a simple tool to help make crash analysis during file format fuzzing a bit easier. I'm sure many people have written similar tools for their own purposes, but I haven't seen any that are publicly available. Hopefully at least one person finds it useful. When provided with a fuzzed file, a corresponding original un-fuzzed file, and the path to the targeted program, FuzzDiff will selectively "un-fuzz" portions of the fuzzed file while re-launching the application to monitor for crashes. This will yield a file that still crashes the target application, but contains a minimum set of changes from the original, un-fuzzed file. This can be useful in pinning down the exact cause of a crash. The tool is written in Python and currently only works on Unix-based systems, since it monitors for crashes by checking for SIGSEGV. It also assumes that the target program adheres to the syntax "[program] [args] [input file]". Both of these limitations can be easily worked around. The code is hardly what I'd call production-ready, but it gets the job done. The tool is available at: http://vsecurity.com/resources/tool Happy hacking, Dan Rosenberg
Powered by blists - more mailing lists