<<< Date Index >>>     <<< Thread Index >>>

Tutorial on Fuzzled



In preparation for the imminent release of Fuzzled 1.1, I spent this evening 
writing a short paper entitled "Writing a fuzzer using the Fuzzled 
framework".

The paper includes some of the techniques I use to dismantle protocols 
including documentation, observation and static analysis.  It then moves on 
to the fundamentals of implementing a protocol using the framework.  I talk 
about base requests, namespaces and tieing them together with factories with 
reference to Fuzzled::Protocol::HTTP, an example included in the framework.  
The paper also highlights a few tricks to the framework, including developing 
multi-threaded fuzzers, identifying offsets and parsing packets.  It ends  
with my techniques to identify vulnerabilities highlighted by fuzzers.

I'm sure none of the techniques themselves are new, but the application of 
them in the context of using the Fuzzled framework may provide some 
inspiration to others.

The full paper can be found at: 
http://www.nth-dimension.org.uk/utils/get.php?downloadsid=35.

Cheers,
Tim

PS If anyone wants to try a release candidate of Fuzzled 1.1, contact me off 
list and we'll see what we can do.
-- 
Tim Brown
<mailto:timb@xxxxxxxxxxxxxxxxxxxx>
<http://www.nth-dimension.org.uk/>