Tutorial on Fuzzled
In preparation for the imminent release of Fuzzled 1.1, I spent this evening
writing a short paper entitled "Writing a fuzzer using the Fuzzled
framework".
The paper includes some of the techniques I use to dismantle protocols,
including documentation, observation and static analysis. It then moves on
to the fundamentals of implementing a protocol using the framework. I talk
about base requests, namespaces and tying them together with factories with
reference to Fuzzled::Protocol::HTTP, an example included in the framework.
The paper also highlights a few tricks to the framework, including developing
multi-threaded fuzzers, identifying offsets and parsing packets. It ends
with my techniques to identify vulnerabilities highlighted by fuzzers.
I'm sure none of the techniques themselves are new, but the application of
them in the context of using the Fuzzled framework may provide some
inspiration to others.
The full paper can be found at:
http://www.nth-dimension.org.uk/utils/get.php?downloadsid=35.
Cheers,
Tim
PS If anyone wants to try a release candidate of Fuzzled 1.1, contact me off
list and we'll see what we can do.
--
Tim Brown
<mailto:timb@xxxxxxxxxxxxxxxxxxxx>
<http://www.nth-dimension.org.uk/>