If you remember, we mentioned Fuzzled, the Perl fuzzing framework, a little while back. Fuzzled 1.1 should be coming out soon.
Fuzzled is a powerful fuzzing framework. It includes helper functions, namespaces and factories that allow a wide variety of fuzzing tools to be developed, and it comes with several example protocols and drivers for them.
Someone was kind enough to write a short paper on how to use Fuzzled to write a simple fuzzer. The paper also covers some techniques used to dismantle protocols, including documentation, observation and static analysis.
To quote the author:
The paper includes some of the techniques I use to dismantle protocols including documentation, observation and static analysis. It then moves on to the fundamentals of implementing a protocol using the framework. I talk about base requests, namespaces and tying them together with factories with reference to Fuzzled::Protocol::HTTP, an example included in the framework. The paper also highlights a few tricks to the framework, including developing multi-threaded fuzzers, identifying offsets and parsing packets. It ends with my techniques to identify vulnerabilities highlighted by fuzzers.
You can download the paper here:
WAFUTFF [PDF]
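To make the "base request, namespace, factory" structure the paper talks about concrete, here is a small self-contained Perl fuzzer built on the same idea. This is an added illustration and is not Fuzzled's own code or API: the `%base` template, the `%generators` namespace, the `make_cases` factory and the `toy_target` parser are all constructed here for the example, and the crash condition in `toy_target` (a request line over 1024 bytes) is an assumed stand-in for a real network target.

```perl
#!/usr/bin/perl
# Minimal HTTP request fuzzer illustrating the base request / namespace / factory
# split. Added example; it does not use Fuzzled's own modules or API.
use strict;
use warnings;

# Base request: a known-good template whose fields the factory will mutate.
my %base = (
    method  => 'GET',
    path    => '/index.html',
    version => 'HTTP/1.1',
    headers => { Host => 'example.test', 'User-Agent' => 'fuzz/0.1' },
);

# Namespace of generators: each returns a list of candidate values for a field.
my %generators = (
    long_string => sub { map { ('A' x $_) } 64, 256, 1024, 4096, 65536 },
    format_str  => sub { ('%s%s%s%s', '%n%n%n%n', '%x' x 32) },
    int_bounds  => sub { (-1, 0, 255, 256, 65535, 65536, 2147483647, 4294967295) },
);

# Serialise a request hash into the bytes that would go on the wire.
sub render {
    my ($r) = @_;
    my $out = "$r->{method} $r->{path} $r->{version}\r\n";
    $out .= "$_: $r->{headers}{$_}\r\n" for sort keys %{ $r->{headers} };
    return $out . "\r\n";
}

# Factory: produces [label, bytes] pairs by substituting every generator value
# into every requested field of the base request, one field at a time. The
# label records field, generator and value length so a hit can be traced back
# to the offset that caused it.
sub make_cases {
    my ($base, $gens, @fields) = @_;
    my @cases;
    for my $field (@fields) {
        for my $gname (sort keys %$gens) {
            for my $value ($gens->{$gname}->()) {
                # shallow copy plus a fresh headers hash so cases don't share state
                my %req = (%$base, headers => { %{ $base->{headers} } });
                if ($field =~ /^header:(.+)$/) { $req{headers}{$1} = $value }
                else                           { $req{$field}     = $value }
                push @cases, [ "$field/$gname/" . length($value), render(\%req) ];
            }
        }
    }
    return @cases;
}

# Constructed stand-in for the target (assumption, not a real server): a toy
# parser that fails once the request line exceeds 1024 bytes. In practice this
# is where you would write to a socket and watch the process or its responses.
sub toy_target {
    my ($bytes) = @_;
    my ($request_line) = split /\r\n/, $bytes, 2;
    return length($request_line) > 1024 ? 'CRASH' : 'OK';
}

# Drive every case through the target and collect the labels that triggered
# a failure, so the offending field and length are immediately visible.
sub run_fuzzer {
    my @failures;
    for my $case (make_cases(\%base, \%generators, 'path', 'header:Host')) {
        my ($label, $bytes) = @$case;
        push @failures, $label if toy_target($bytes) eq 'CRASH';
    }
    return @failures;
}

my @hits = run_fuzzer();
print "cases:   ", scalar(make_cases(\%base, \%generators, 'path', 'header:Host')), "\n";
print "crashes: @hits\n";
```

Running it generates 32 cases (two fields, sixteen values each) and reports only the three `path/long_string/...` cases whose request line passes the toy parser's limit; the `Host` header cases pass untouched, which is exactly the kind of field-level attribution that makes the next step, working out the offset and the vulnerable parser, tractable. Swapping `toy_target` for a socket write and a liveness check turns the same structure into a real network fuzzer.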
dirty says
Does anyone know when Fuzzled 1.1 is coming out?
Darknet says
dirty: They are just polishing it off right now, you can request a pre-release if you are interested from the author. If not it should be fairly soon (within November I’d guess).
dirty says
Darknet:
Thanks!! Sounds good.
Tim Brown says
Fuzzled 1.1 is now out at http://www.nth-dimension.org.uk/downloads.php?id=15. I’m actually already working on the 2.x branch. Whilst 1.x fuzzers will still work under 2.x, my current focus has been abstracting the producer/consumer model and shared memory management used by Fuzzled. The upshot is that the protocol modules themselves are much, much cleaner.