What is Fuzz Testing?
Fuzz testing, or fuzzing, is a software testing technique, often used to discover security weaknesses in applications and protocols. The basic idea is to attach the inputs of a program to a source of random or unexpected data. If the program fails (for example, by crashing, or by failing built-in code assertions), then there are defects to correct. It should be noted that the majority of security vulnerabilities, from buffer overflows to cross-site scripting, are generally the result of insufficient validation of user-supplied input data. Bugs found using fuzz testing are frequently severe, exploitable bugs that could be used by a real attacker. This has become even more true as fuzz testing has become more widely known, since the same techniques and tools are now used by attackers to exploit deployed software. This is a major advantage over binary or source auditing, or even fuzzing’s close cousin, fault injection, which often rely on artificial fault conditions that are difficult or impossible to exploit.
Savant Web Server fuzzing (HTTP protocol): This video shows a buffer overflow on the Savant Web Server when a long GET request is made.
Vulnerability: CVE-2002-1120, BID 5686
WarFTPd FTP Server fuzzing (FTP protocol): WarFTPd 1.65 FTP server is vulnerable to a buffer overflow in the authentication process. The video demonstrates the use of TAOF to recreate the bug.
NaviCOPA Web Server fuzzing (HTTP protocol): NaviCOPA web server is vulnerable to a buffer overflow when a client sends a GET request against the ‘cgi-bin’ folder followed by a long string.
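The loop described at the top of the page (attach the program's input to unexpected data, treat a crash or a failed assertion as a defect) applied to the long-GET-request pattern shared by the three videos above, as an added example that is not code from the original page or from any tool it mentions. Everything in it is constructed for illustration: the FixedBuffer class emulates a fixed-size C buffer, MAX_PATH is an assumed buffer size, the "unsafe" parser stands in for a server that copies the request path into that buffer without checking its length, and the "safe" parser is the hardened form that validates each field first. Only the parser that lacks the length check produces findings; the one that rejects over-long paths cleanly produces none.

```python
import random

MAX_PATH = 256  # constructed: stands in for a fixed C buffer size in the target
SEED = b"GET /index.html HTTP/1.0"  # constructed seed request the mutator starts from


class FixedBuffer:
    """Emulates a fixed-size C buffer: copying more than the capacity is the
    memory-safety failure a real server would crash on."""

    def __init__(self, capacity: int):
        self.capacity = capacity
        self.data = bytearray()

    def strcpy(self, src: bytes) -> None:
        if len(src) > self.capacity:
            raise MemoryError(f"overflow: {len(src)} bytes into {self.capacity}-byte buffer")
        self.data = bytearray(src)


def split_request_line(line: bytes) -> list:
    parts = line.split(b" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")  # graceful rejection, not a bug
    return parts


def parse_request_line_unsafe(line: bytes) -> dict:
    """Fragile parser: copies the path into the buffer with no length check."""
    method, path, version = split_request_line(line)
    buf = FixedBuffer(MAX_PATH)
    buf.strcpy(path)  # a long GET path raises MemoryError, the 'crash'
    return {"method": method, "path": bytes(buf.data), "version": version}


def parse_request_line_safe(line: bytes) -> dict:
    """Hardened parser: validates every field before touching the buffer."""
    method, path, version = split_request_line(line)
    if method not in (b"GET", b"HEAD", b"POST"):
        raise ValueError("unsupported method")
    if len(path) > MAX_PATH:
        raise ValueError("request URI too long")  # what a server maps to HTTP 414
    if not version.startswith(b"HTTP/1."):
        raise ValueError("unsupported version")
    buf = FixedBuffer(MAX_PATH)
    buf.strcpy(path)
    return {"method": method, "path": bytes(buf.data), "version": version}


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Derive one test case from the seed with a randomly chosen strategy."""
    parts = seed.split(b" ")
    strategy = rng.randrange(4)
    if strategy == 0:
        # Boundary-length path: values straddling MAX_PATH expose off-by-one checks.
        n = rng.choice([1, 8, 64, MAX_PATH - 1, MAX_PATH, MAX_PATH + 1, 1024, 4096])
        parts[1] = b"/" + b"A" * n
    elif strategy == 1:
        # Drop or duplicate one space-separated token.
        idx = rng.randrange(len(parts))
        if rng.random() < 0.5:
            del parts[idx]
        else:
            parts.insert(idx, parts[idx])
    elif strategy == 2:
        # Flip a few random bits in place.
        data = bytearray(seed)
        for _ in range(rng.randint(1, 4)):
            data[rng.randrange(len(data))] ^= 1 << rng.randrange(8)
        return bytes(data)
    else:
        # Splice a run of random bytes in at a random offset.
        pos = rng.randrange(len(seed) + 1)
        junk = bytes(rng.randrange(256) for _ in range(rng.randint(1, 32)))
        return seed[:pos] + junk + seed[pos:]
    return b" ".join(parts)


def fuzz(target, seed: bytes, iterations: int, rng_seed: int = 0) -> list:
    """Feed mutated inputs to target and record anything other than a clean
    rejection (ValueError) as a finding. Seeded, so every finding is reproducible."""
    rng = random.Random(rng_seed)
    findings = []
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            target(case)
        except ValueError:
            continue  # input validation did its job
        except Exception as exc:  # crash-equivalent: an exception the parser never meant to raise
            findings.append((type(exc).__name__, case))
    return findings


def shortest_reproducer(findings: list) -> bytes:
    """Smallest crashing input, the first thing triage looks at."""
    return min((case for _, case in findings), key=len, default=b"")


if __name__ == "__main__":
    hits = fuzz(parse_request_line_unsafe, SEED, 300)
    print(f"unsafe parser: {len(hits)} failures, shortest reproducer {len(shortest_reproducer(hits))} bytes")
    print(f"safe parser:   {len(fuzz(parse_request_line_safe, SEED, 300))} failures")
```

The separation between ValueError (the parser rejecting input on purpose) and every other exception is what turns random input into a useful signal: a fuzzer that counted rejections as failures would drown the real finding in noise, and one that ignored all exceptions would miss it.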
This is a tool with a Windows GUI; it is easy to use and a good tool for beginners getting started, for impressing friends and relatives, and for showing off -_-
Here are some tools that I may introduce next.
Name: Sulley
Description: Sulley is a fuzzer development and fuzz testing framework consisting of multiple extensible components.
Notes: A Python fuzzing framework that includes process monitoring, network monitoring and virtual-machine control.

Name: SPIKE
Description: SPIKE is an attempt to write an easy-to-use generic protocol API that helps reverse engineer new and unknown network protocols. It features several working examples, including a web server NTLM Authentication brute forcer and example code that parses web applications and DCE-RPC (MSRPC).
Notes: A C++ API fuzzing framework; fairly mature for fuzzing HTTP servers and the like.

Name: Autodafe
Description: Autodafe is a fuzzing framework that can be used to identify boundary validation and other issues in protocols and applications. Written by Martin Vuagnoux.
Notes: Supports sniffing packets and generating test data from them automatically; block-based, with block sizes computed automatically; ships with a debugger that can automatically monitor the interaction between dangerous functions and test cases. A fairly good one.

Name: dfuz
Description: A remote protocol fuzzer/triggerer which can do many things, such as sending random data of random sizes together with the data you want. It has a lot of ways to tell the program to use this data through rule files, which are later parsed by the program itself, with several options and ways to make it very specific and very flexible. It is not only a remote protocol fuzzer in itself but a scripting-like engine on which you can create any kind of payload. User-friendly. (Unix)
Notes: A simple, easy-to-use fuzzing tool.

Name: taof
Description: Written in Python, a cross-platform GUI-driven network protocol fuzzing environment for both UNIX and Windows systems.
Notes: Python; proxy-based; does not support UDP.
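The block-based modelling that the Autodafe note describes (a message built from blocks, with block sizes computed automatically) and the extensible-component style of Sulley, as an added example that is not code from either tool or from this page. The login message format, the parse_login target, its MAX_USER limit and the mutation list are all constructed for illustration. It shows why the automatic size field matters: the same mutations are run once with the length recomputed on every render and once with the default-state length left in place, and only the first run gets past the target's frame check to reach the field-length assertion behind it.

```python
import struct

MAX_USER = 32  # constructed: stands in for a fixed-size buffer in the target


class Static:
    """Fixed bytes that are never mutated (delimiters, magic values)."""

    def __init__(self, value: bytes):
        self.value = value

    def render(self, msg) -> bytes:
        return self.value


class String:
    """Mutable text field; the fuzzer substitutes each mutation in turn."""

    def __init__(self, name: str, default: bytes, limit_hint: int = MAX_USER):
        self.name, self.default, self.value = name, default, default
        # Boundary lengths around the suspected buffer size, plus an embedded delimiter.
        self.mutations = [b"", b"A" * (limit_hint - 1), b"A" * limit_hint,
                          b"A" * (limit_hint + 1), b"A" * 1024, b"x\x00y"]

    def render(self, msg) -> bytes:
        return self.value


class Size:
    """Length field covering another block. auto=True recomputes it on every
    render; auto=False keeps the default-state length, as a naive mutator would."""

    def __init__(self, block_name: str, fmt: str = ">H", auto: bool = True):
        self.block_name, self.fmt, self.auto = block_name, fmt, auto
        self.frozen = None

    def render(self, msg) -> bytes:
        live = len(msg.render_block(self.block_name))
        if self.frozen is None:
            self.frozen = live  # the first render happens in the default state
        return struct.pack(self.fmt, live if self.auto else self.frozen)


class Message:
    """Ordered blocks of fields, rendered in sequence."""

    def __init__(self, blocks: dict):
        self.blocks = blocks
        self.render()  # freeze default-state sizes

    def render_block(self, name: str) -> bytes:
        return b"".join(f.render(self) for f in self.blocks[name])

    def render(self) -> bytes:
        return b"".join(self.render_block(n) for n in self.blocks)

    def cases(self):
        """One field mutated at a time, all others at their defaults."""
        for fields in self.blocks.values():
            for field in fields:
                if not isinstance(field, String):
                    continue
                for mutation in field.mutations:
                    field.value = mutation
                    yield field.name, mutation, self.render()
                field.value = field.default


def parse_login(msg: bytes) -> dict:
    """Constructed target: 2-byte big-endian body length, body = user NUL password.
    The AssertionError stands in for the built-in check a real implementation
    trips when a field exceeds its buffer."""
    if len(msg) < 2:
        raise ValueError("short header")
    (length,) = struct.unpack(">H", msg[:2])
    body = msg[2:]
    if len(body) != length:
        raise ValueError("frame error")  # rejected before any field is parsed
    user, sep, password = body.partition(b"\x00")
    if not sep:
        raise ValueError("missing separator")
    if len(user) > MAX_USER:
        raise AssertionError("user field exceeds buffer")
    return {"user": user, "password": password}


def build_login(auto_size: bool) -> Message:
    return Message({
        "header": [Size("body", ">H", auto=auto_size)],
        "body": [String("user", b"alice"), Static(b"\x00"), String("password", b"secret")],
    })


def run(msg: Message, target) -> tuple:
    """Drive every generated case through target and tally the outcomes."""
    tally = {"ok": 0, "rejected": 0, "failed": 0}
    failures = []
    for field_name, mutation, case in msg.cases():
        try:
            target(case)
            tally["ok"] += 1
        except ValueError:
            tally["rejected"] += 1  # clean rejection by input validation
        except Exception as exc:
            tally["failed"] += 1
            failures.append((field_name, len(mutation), type(exc).__name__))
    return tally, failures


if __name__ == "__main__":
    for auto in (True, False):
        tally, failures = run(build_login(auto), parse_login)
        print(f"auto size={auto}: {tally} failures={failures}")
```

With the size recomputed, the 33-byte and 1024-byte user values reach the field check and fail it; with the size left stale, every mutated message is thrown out at the frame check and the same defect stays hidden. That is the whole case for modelling the protocol's structure instead of flipping bytes in a captured packet.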
For more, look here; I'm too lazy to copy them over:
http://hi.baidu.com/linshifei/blog/item/fdd838fb5c2e868c9f5146ad.html