lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <44D3F1EC.9060704@f-box.org>
Date: Sat, 05 Aug 2006 03:18:36 +0200
From: Dan B <dan-fd@...ox.org>
To: Martin Vuagnoux <fulldisclosure@...gnoux.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: AUTODAFE: an Act of Software Torture [FUZZER]

Hi Martin,

Martin Vuagnoux wrote:
> Dear list,
>
> let me present you the public release of a fuzzer presented at 22c3:
>
> Autodafé is a fuzzing framework able to uncover buffer overflows by
> using the fuzzing by weighting attacks with markers technique.
>
> http://autodafe.sourceforge.net
>
> You will find a paper explaining the technique used, the slides of the
> presentation and the source code. It uses a script language largely
> inspired by Spike (btw: thanks Dave). The major improvement is the use
> of a debugger in order to reduce the test space. There is a tutorial
> (based on real cases) which explains how to use it, to fuzz network
> based (TCP/UDP) protocols (client and server side) and files (lps,
> pdf, jpeg, etc.) The second major improvement is the use of dissector
> (etheral, wireshark) to automatically recognize 750 network based
> protocols.
>
> Feel free to give feedback, it's a beta release.

Ok so all looks good, but --prefix is not respected by Makefiles or the
bins so I wanted to install in my home dir/Programs/Autodafe but when I
try and execute autodafe it's looking in /usr/local/etc/autodafe for the
.fuzz files.

(I had to modify the Makefiles in each dir to cp to the correct dir.)

I'm too tired ATM to look at modifications. But if you're using a
configure script it should respect the --prefix argument.

>
> Enjoy 8^P
I will once I'm more awake! And sorry if this seems like a petty thing.

>
> Martin Vuagnoux
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/


Cheers,
DanB.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ