Comments on: ProxyFuzz – MITM Network Fuzzer in Python http://www.darknet.org.uk/2007/06/proxyfuzz-mitm-network-fuzzer-in-python/ Ethical Hacking, Penetration Testing & Computer Security Sun, 08 Nov 2009 07:15:43 +0000 http://wordpress.org/?v=2.8.5 hourly 1 By: Daniel http://www.darknet.org.uk/2007/06/proxyfuzz-mitm-network-fuzzer-in-python/#comment-60136 Daniel Sat, 30 Jun 2007 00:23:52 +0000 http://www.darknet.org.uk/2007/06/proxyfuzz-mitm-network-fuzzer-in-python/#comment-60136 Darknet, i think you should make dre's comment into a post. It was interesting. Darknet, i think you should make dre’s comment into a post. It was interesting.

]]> By: Darknet http://www.darknet.org.uk/2007/06/proxyfuzz-mitm-network-fuzzer-in-python/#comment-60108 Darknet Fri, 29 Jun 2007 08:26:56 +0000 http://www.darknet.org.uk/2007/06/proxyfuzz-mitm-network-fuzzer-in-python/#comment-60108 Interesting info dre, I'll keep an eye on fuzzing.org. http://theartoffuzzing.com/ is currently a good resource too. Interesting info dre, I’ll keep an eye on fuzzing.org. http://theartoffuzzing.com/ is currently a good resource too.

]]> By: dre http://www.darknet.org.uk/2007/06/proxyfuzz-mitm-network-fuzzer-in-python/#comment-60049 dre Wed, 27 Jun 2007 22:39:00 +0000 http://www.darknet.org.uk/2007/06/proxyfuzz-mitm-network-fuzzer-in-python/#comment-60049 interesting. proxy fuzzing is a heuristic-based dissection technique used to automate or improve the performance of fuzz testing. it is not widely known or talked about, but is probably one of the best ways to improve fuzz testing results, especially in a pure black-box scenario (iow: lacking the capability to go gray box via reverse engineering through static binary or bytecode analysis). when i first saw this post, i was thinking that proxyfuzzer, a tool by <a href="http://www.codypierce.com/code.html" rel="nofollow">cody pierce</a> of <a href="http://dvlabs.tippingpoint.com/team/cpierce" rel="nofollow">dvlabs</a> (tippingpoint) was released. this tool goes further than ProxyFuzz because it does automatic mutation of plain-text fields. the internal tippingpoint version probably also does binary data, thus being able to change TLV and static values which could mess with parsers on either end of the connection. proxy fuzzer (and tons of other new tools) will be available on the fuzzing.org website once it goes live. there were a few things up there the other day, but now it's password protected for some reason. interesting. proxy fuzzing is a heuristic-based dissection technique used to automate or improve the performance of fuzz testing. it is not widely known or talked about, but is probably one of the best ways to improve fuzz testing results, especially in a pure black-box scenario (iow: lacking the capability to go gray box via reverse engineering through static binary or bytecode analysis).

when i first saw this post, i was thinking that proxyfuzzer, a tool by cody pierce of dvlabs (tippingpoint) was released. this tool goes further than ProxyFuzz because it does automatic mutation of plain-text fields. the internal tippingpoint version probably also does binary data, thus being able to change TLV and static values which could mess with parsers on either end of the connection.

proxy fuzzer (and tons of other new tools) will be available on the fuzzing.org website once it goes live. there were a few things up there the other day, but now it’s password protected for some reason.

]]>