[fuzzing] Fuzzer proxy
Charlie Miller
cmiller at securityevaluators.com
Thu Sep 14 08:05:32 CDT 2006
Well, since I'm looking for something already out there, I can't be too
choosy ;) But, I was thinking at a minimum it might do the equivalent
of FileFuzz for tcp packet data, on the fly. It would be great if it
could do block-based manipulation, but at that point you are talking
about a pretty sophisticated tool, which we'd all probably be using if
it was any good.
I guess I was just looking for something that could find the lowest of
the hanging fruit in some obscure client/server without having to write
a new fuzzer, without having to replay captured traffic, etc. Just
stick it in the middle and interact normally with the client and server.
I only bring it up because it seems like I've seen something like
this before and didn't want to reinvent the wheel. Thanks for all the
comments.
Charlie
Gadi Evron wrote:
> On Wed, 13 Sep 2006, Charlie Miller wrote:
>> Does anyone know of a generic fuzzer that would work as a transparent
>> proxy that you could stick between an arbitrary client and server? This
>> proxy could randomly flip bits or perform some other trivial action or
>> do something more complicated. I know Immunity and others have one for
>> web apps, but I'm looking for one that could work on an arbitrary binary
>> protocol. Someone must have something like this. I could see doing it
>> in a few lines of perl, but if there is something already out there with
>> some thought put in it, why not use it. Thanks,
>
> Just to clarify, you are looking for a traffic manipulation fuzzer? Does
> it do block-based value manipulation or something more?
>
> Just wondering.
>
>> Charlie
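
The in-line mutation discussed in this thread, as an added example (not code from either poster or from any existing tool): one direction of a relay that flips bits in each chunk using a seeded RNG and logs the original bytes and flip positions, so a fault seen in a lab client or server can be traced to the exact change. The names `flip_bits`, `pump` and `demo`, the seed and the flip rate are assumptions, and the sample message is constructed.

```python
import random
import socket
import threading

def flip_bits(data, rng, rate):
    """Flip each bit with probability `rate`; return (mutated, [(offset, bit)])."""
    buf = bytearray(data)
    flips = []
    for offset in range(len(buf)):
        for bit in range(8):
            if rng.random() < rate:
                buf[offset] ^= 1 << bit
                flips.append((offset, bit))
    return bytes(buf), flips

def pump(src, dst, rng, rate, log):
    """Relay one direction of a connection, mutating each chunk in flight."""
    while True:
        chunk = src.recv(4096)
        if not chunk:
            break
        mutated, flips = flip_bits(chunk, rng, rate)
        log.append((chunk, mutated, flips))  # original kept so the case can be replayed
        dst.sendall(mutated)
    dst.shutdown(socket.SHUT_WR)

def demo(seed=1234, rate=0.02):
    """Push a constructed binary message through the relay over local socketpairs."""
    client, proxy_in = socket.socketpair()
    proxy_out, server = socket.socketpair()
    log = []
    relay = threading.Thread(
        target=pump, args=(proxy_in, proxy_out, random.Random(seed), rate, log))
    relay.start()
    message = b"\x00\x10LOGIN\x00user\x00" + bytes(range(16))  # constructed sample
    client.sendall(message)
    client.shutdown(socket.SHUT_WR)
    received = b""
    while chunk := server.recv(4096):
        received += chunk
    relay.join()
    for s in (client, proxy_in, proxy_out, server):
        s.close()
    return message, received, log
```

Because the RNG is consumed one bit at a time in stream order, the same seed produces the same mutated stream regardless of how the data is split into chunks.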