Fuzzing for Fun and Profit

"Many different resources define fuzzing many different ways. I believe this definition is more suitable than most:

"Fuzzing is targeting input and delivering data that is handled by a target with the intent of identifying bugs."

Fuzzing can theoretically occur wherever input is possible.

There are two kinds of fuzzing: "dumb" and "smart". Dumb fuzzing is fuzzing without regard for any guidelines that may be required for input. Smart fuzzing is just the opposite. While dumb fuzzers are easy to write and easy to use, smart fuzzers are almost always preferred. Smart fuzzers actually know how to handle the target's specifications for data: what input they can fuzz, and how to fuzz it. When we refer to fuzzers in this literature, the reader should assume we are elaborating on smart fuzzers.

Fuzzing can be done locally or remotely. Some examples of local fuzzing are through the command line, manipulating file formats, user interface input, and more. Remote fuzzing is usually fuzzing protocols, servers, etc.

The data you use to fuzz with, called the fuzzing oracle, is essential to being successful at fuzzing. The fuzzing oracle can be random data, or data that is not random at all but still provides reliable angles to fuzz which have proved successful in triggering bugs in the past. This article focuses on the latter technique. Linux is also the host operating system that our fuzzing examples will work on best and/or without modification."

Read more: http://www.milw0rm.com/papers/288
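Added example (not from the milw0rm paper or this post): a toy Python fuzzer that contrasts the two approaches the excerpt describes. The target `parse_record`, its length-prefixed record format and the oracle lists are all constructed for illustration; the target's bug (indexing an empty payload) is one that random bytes practically never reach, because they would have to form a well-formed zero-length record, while a fuzzer that understands the framing hits it with the oracle value 0 on the first pass.

```python
import random
import struct

# Fuzzing oracle (constructed for this example): non-random values with a
# track record of shaking out parser bugs, boundary lengths and odd payloads.
ORACLE_LENGTHS = [0, 1, 0xFF, 0x100, 0xFFFF, 0x10000, 0x7FFFFFFF, 0xFFFFFFFF]
ORACLE_PAYLOADS = [b"", b"A" * 4096, b"%s%n%x", b"\x00" * 8, b"\xff" * 8]

def parse_record(buf: bytes) -> str:
    """Hypothetical target: 4-byte big-endian length followed by the payload.
    Deliberate bug: an empty (zero-length) payload makes payload[0] raise IndexError."""
    if len(buf) < 4:
        raise ValueError("short header")
    (n,) = struct.unpack(">I", buf[:4])
    payload = buf[4:4 + n]
    if len(payload) != n:
        raise ValueError("truncated record")
    return "comment" if payload[0] == 0x23 else "data"   # '#' marks a comment

def run_case(buf: bytes):
    """Return the name of an unexpected exception, or None.
    ValueError is the parser's own rejection of bad input, so it is not a finding."""
    try:
        parse_record(buf)
    except ValueError:
        return None
    except Exception as exc:
        return type(exc).__name__
    return None

def collect(cases):
    """Run each case and keep (exception name, first 8 bytes) for real findings."""
    findings = set()
    for buf in cases:
        name = run_case(buf)
        if name:
            findings.add((name, buf[:8]))
    return findings

def smart_fuzz():
    """Smart fuzzing: keep the framing valid and vary one field at a time."""
    cases = [struct.pack(">I", n) + b"A" * min(n, 4096) for n in ORACLE_LENGTHS]
    cases += [struct.pack(">I", len(p)) + p for p in ORACLE_PAYLOADS]
    return collect(cases)

def dumb_fuzz(iterations=2000, seed=1):
    """Dumb fuzzing: random bytes with no knowledge of the format."""
    rng = random.Random(seed)
    return collect(bytes(rng.getrandbits(8) for _ in range(rng.randint(0, 64)))
                   for _ in range(iterations))

if __name__ == "__main__":
    print("smart:", smart_fuzz())   # the zero-length record is found at once
    print("dumb: ", dumb_fuzz())    # random bytes almost never form a valid empty record
```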

