[fuzzing] Fuzzer proxy

Matthew Franz mdfranz at gmail.com
Wed Sep 13 23:56:55 CDT 2006


This would be very cool, as it would allow you to skip over the
handshake/auth/whatever and not have to get the protocol to some state
the way "blind" fuzzers do.

Probably the only thing I've seen that might be close (in spirit, but
not yet in implementation) is Jeremy Rauch's PDB.  I could be wrong,
but right now it is not yet stream based and I'm not sure the current
version builds easily yet. It didn't a month ago.

But Perl?! :)

- mdf



On 9/13/06, Charlie Miller <cmiller at securityevaluators.com> wrote:
> Does anyone know of a generic fuzzer that would work as a transparent
> proxy that you could stick between an arbitrary client and server?  This
> proxy could randomly flip bits or perform some other trivial action or
> do something more complicated.  I know Immunity and others have one for
> web apps, but I'm looking for one that could work on an arbitrary binary
> protocol.  Someone must have something like this.  I could see doing it
> in a few lines of perl, but if there is something already out there with
> some thought put in it, why not use it.  Thanks,
>
> Charlie


-- 
Matthew Franz
http://www.threatmind.net/
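
The idea discussed in this thread, as an added example that is not code from either poster or from any tool named above: a TCP relay that passes the first `skip` bytes of the client-to-server stream untouched (the handshake/auth) and then flips random bits. The names `BitFlipper`, `pump`, `serve`, `skip`, `rate` and `seed` are assumptions, and this is a plain relay the client is pointed at on localhost, not transparent interception.

```python
import random
import socket
import threading

class BitFlipper:
    """Flips random bits in a byte stream, leaving the first `skip` bytes intact."""
    def __init__(self, skip=0, rate=0.01, seed=None):
        self.skip = skip                # bytes passed through untouched (handshake/auth)
        self.rate = rate                # per-byte probability of flipping one bit
        self.rng = random.Random(seed)  # seeded so a run that crashes the target can be replayed
        self.seen = 0                   # stream offset; recv() chunking is arbitrary

    def mutate(self, chunk):
        out = bytearray(chunk)
        for i in range(len(out)):
            if self.seen + i >= self.skip and self.rng.random() < self.rate:
                out[i] ^= 1 << self.rng.randrange(8)
        self.seen += len(chunk)
        return bytes(out)

def pump(src, dst, mutator=None):
    """Copy src to dst until EOF, applying the mutator if one is given."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(mutator.mutate(data) if mutator else data)
    except OSError:
        pass  # peer reset: common once the target chokes on mutated input
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)  # propagate EOF to the other side
        except OSError:
            pass

def serve(listen_port, target_host, target_port, skip, rate, seed=None):
    """Relay each localhost client to the target, fuzzing client->server only."""
    with socket.create_server(("127.0.0.1", listen_port)) as lsock:
        while True:
            client, _ = lsock.accept()
            server = socket.create_connection((target_host, target_port))
            flipper = BitFlipper(skip, rate, seed)  # fresh offset per connection
            threading.Thread(target=pump, args=(client, server, flipper), daemon=True).start()
            threading.Thread(target=pump, args=(server, client), daemon=True).start()
```

Logging the seed for each connection lets a failing case be reproduced, provided the client sends the same bytes in the same chunks on replay.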

