01 November 2007

Tutorial for Fuzzled – Writing a Fuzzer with the Fuzzled Framework

If you remember, we mentioned Fuzzled, the Perl fuzzing framework, a little while back. Apparently Fuzzled 1.1 should be coming out soon.

Fuzzled is a powerful fuzzing framework. It includes helper functions, namespaces and factories, which allow a wide variety of fuzzing tools to be developed, and it comes with several example protocols and drivers for them.

Someone was kind enough to write a short paper on how to use Fuzzled to write a simple fuzzer. The paper includes some techniques used to dismantle protocols, including documentation, observation and static analysis.

To quote the author:

The paper includes some of the techniques I use to dismantle protocols including documentation, observation and static analysis. It then moves on to the fundamentals of implementing a protocol using the framework. I talk about base requests, namespaces and tying them together with factories with reference to Fuzzled::Protocol::HTTP, an example included in the framework. The paper also highlights a few tricks to the framework, including developing multi-threaded fuzzers, identifying offsets and parsing packets. It ends with my techniques to identify vulnerabilities highlighted by fuzzers.

You can download the paper here:

WAFUTFF [PDF]



5 Responses to “Tutorial for Fuzzled – Writing a Fuzzer with the Fuzzled Framework”

  1. dirty 6 November 2007 at 6:14 pm

    Does anyone know when Fuzzled 1.1 is coming out?

  2. Darknet 7 November 2007 at 6:19 am

    dirty: They are just polishing it off right now, you can request a pre-release if you are interested from the author. If not it should be fairly soon (within November I’d guess).

  3. dirty 7 November 2007 at 9:01 pm

    darknet
    Thanks!! sounds good

  4. Tim Brown 15 November 2007 at 12:53 am

    Fuzzled 1.1 is now out at http://www.nth-dimension.org.uk/downloads.php?id=15. I’m actually already working on the 2.x branch. Whilst 1.x fuzzers will still work under 2.x, my current focus has been abstracting the producer/consumer model and shared memory management used by Fuzzled. The upshot is that the protocol modules themselves are much, much cleaner.