27 June 2007 | 9,500 views

ProxyFuzz – MITM Network Fuzzer in Python


ProxyFuzz is a man-in-the-middle, non-deterministic network fuzzer written in Python. It randomly changes (fuzzes) the contents of the network traffic passing through it. It supports the TCP and UDP protocols and can also be configured to fuzz only one side of the communication. ProxyFuzz is protocol agnostic, so it can randomly fuzz any network communication.

ProxyFuzz is a good tool for quickly testing network protocols and producing basic proofs of concept. Using this tool you will be amazed by the poor quality of software, and you will see clients and servers dying on unexpected input; just be prepared to see some very weird behaviours.

Syntax of ProxyFuzz:


ProxyFuzz 0.1, Simple fuzzing proxy by Rodrigo Marcos

usage():

python proxyfuzz -l  -r  -p  [options]

 [options]

                -w: Number of requests to send before start fuzzing
                -c: Fuzz only client side (both otherwise)
                -s: Fuzz only server side (both otherwise)
                -u: UDP protocol (otherwise TCP is used)
                -v: Verbose (outputs network traffic)
                -h: Help page

A demo of ProxyFuzz is available here.

The video shows ProxyFuzz proxying traffic between a VMware Console and a VMware Server. This is just a dumb example of the things you can do with this tool.
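How the warm-up count and the one-sided fuzzing options described above fit together, as an added sketch that is not ProxyFuzz's own code. The class name, the three mutation kinds, the 5% rate and the seeded generator (added so that a run which crashes the software under test can be replayed exactly) are assumptions, and the sample session is constructed.

```python
import random

class FuzzRelay:
    """Per-message decision logic of a fuzzing proxy (sockets left out)."""

    def __init__(self, seed, warmup=0, fuzz_client=True, fuzz_server=True):
        self.rng = random.Random(seed)  # seeded: a crashing run can be replayed
        self.warmup = warmup            # client requests passed through untouched
        self.fuzz = {"client": fuzz_client, "server": fuzz_server}
        self.requests = 0
        self.log = []                   # (request number, side, original, mutated)

    def mutate(self, data, rate=0.05):
        if not data:
            return data
        buf = bytearray(data)
        for _ in range(max(1, int(len(buf) * rate))):
            pos = self.rng.randrange(len(buf))
            kind = self.rng.randrange(3)
            if kind == 0:
                buf[pos] ^= self.rng.randrange(1, 256)   # corrupt one byte
            elif kind == 1:                              # stretch a field
                buf[pos:pos] = bytes([buf[pos]]) * self.rng.randint(1, 64)
            elif len(buf) > 1:
                del buf[pos]                             # drop one byte
        return bytes(buf)

    def relay(self, side, data):
        if side == "client":
            self.requests += 1
        if self.requests <= self.warmup or not self.fuzz[side]:
            return data                 # warm-up traffic or a side left untouched
        out = self.mutate(data)
        self.log.append((self.requests, side, data, out))
        return out

SESSION = [  # constructed sample traffic, not captured from a real service
    ("client", b"HELO test.example\r\n"), ("server", b"250 ok\r\n"),
    ("client", b"MAIL FROM:<a@test.example>\r\n"), ("server", b"250 ok\r\n"),
    ("client", b"RCPT TO:<b@test.example>\r\n"), ("server", b"250 ok\r\n"),
]

def replay(seed, warmup=1, fuzz_server=False):
    relay = FuzzRelay(seed, warmup=warmup, fuzz_server=fuzz_server)
    return [relay.relay(side, data) for side, data in SESSION], relay.log

if __name__ == "__main__":
    for msg in replay(1234)[0]:
        print(msg)
```

Keeping the seed and the log next to any crash dump is what turns a non-deterministic fuzzing run into a reproducible bug report.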

Download ProxyFuzz 0.1 Source Code

Download ProxyFuzz 0.1 Windows Binary

Or read more here.



3 Responses to “ProxyFuzz – MITM Network Fuzzer in Python”

  1. dre 27 June 2007 at 10:39 pm Permalink

    interesting. proxy fuzzing is a heuristic-based dissection technique used to automate or improve the performance of fuzz testing. it is not widely known or talked about, but is probably one of the best ways to improve fuzz testing results, especially in a pure black-box scenario (iow: lacking the capability to go gray box via reverse engineering through static binary or bytecode analysis).

    when i first saw this post, i was thinking that proxyfuzzer, a tool by cody pierce of dvlabs (tippingpoint) was released. this tool goes further than ProxyFuzz because it does automatic mutation of plain-text fields. the internal tippingpoint version probably also does binary data, thus being able to change TLV and static values which could mess with parsers on either end of the connection.

    proxy fuzzer (and tons of other new tools) will be available on the fuzzing.org website once it goes live. there were a few things up there the other day, but now it’s password protected for some reason.

  2. Darknet 29 June 2007 at 8:26 am Permalink

    Interesting info dre, I’ll keep an eye on fuzzing.org. http://theartoffuzzing.com/ is currently a good resource too.

  3. Daniel 30 June 2007 at 12:23 am Permalink

    Darknet, i think you should make dre’s comment into a post. It was interesting.