If you remember we mentioned Fuzzled a little while back, the PERL fuzzing framework. Apparently Fuzzled 1.1 should be coming out soon.
Fuzzled is a powerful fuzzing framework. Fuzzled includes helper functions, namespaces, factories which allow a wide variety of fuzzing tools to be developed. Fuzzled comes with several example protocols and drivers for them.
Someone was kind enough to write a short paper on how to use fuzzled to write a simple fuzzer. The paper includes some techniques used to dismantle protocols including documentation, observation and static analysis.
To quote the author:
The paper includes some of the techniques I use to dismantle protocols including documentation, observation and static analysis. It then moves on to the fundamentals of implementing a protocol using the framework. I talk about base requests, namespaces and tieing them together with factories with reference to Fuzzled::Protocol::HTTP, an example included in the framework. The paper also highlights a few tricks to the framework, including developing multi-threaded fuzzers, identifying offsets and parsing packets. It ends with my techniques to identify vulnerabilities highlighted by fuzzers.
You can download the paper here:
- EyeWitness – A Rapid Web Application Triage Tool
- wig – WebApp Information Gatherer – Identify CMS
- Capstone – Multi-platform, Multi-architecture Disassembly Framework
- Fuzzled – PERL Fuzzing Framework
- Browser Fuzzer 3 (bf3) – Comprehensive Web Browser Fuzzing Tool
- fm-fsf – Freakin’ Simple Fuzzer – Cross Platform Fuzzing Tool
Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,845,151 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,030,514 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 613,392 views