Software QA FYI - SQAFYI

Fuzz Testing for Dummies

By: Michael Orland

Fuzz Testing
Providing unexpected, invalid, or random data to an application with the intention of triggering a bug
• Unexpected behavior
• Crashes
— Buffer overflows
— Integer overflows
— Memory corruption
— Format string bugs


Fuzzing Methods
Smart (generational) fuzzing
• Requires in-depth knowledge of the target and specialized tools
— Dranzer ActiveX fuzzer
• Results
— Less crash analysis required
— Less duplication of findings
Dumb (mutational) fuzzing
• Requires no knowledge of the target; existing tools suffice
• Results
— More crash analysis required
— More duplication of findings

Dumb(est) Fuzzing
Charlie Miller’s “five lines of python” dumb fuzzer
• Found vulnerabilities in PDF readers and Office presentation software

    import math
    import random

    # buf is a bytearray holding the seed file; FuzzFactor sets how sparse the mutation is
    numwrites = random.randrange(math.ceil(float(len(buf)) / FuzzFactor)) + 1
    for j in range(numwrites):
        rbyte = random.randrange(256)      # random replacement byte
        rn = random.randrange(len(buf))    # random offset in the file
        buf[rn] = rbyte                    # bytearray takes an int on Python 3 (original: "%c" % rbyte)

<http://google.com/files/slides/cmiller_CSW_2010.ppt>

Fuzzing Framework Requirements
Features required for an effective fuzzing framework
• Test case generation
• Application execution
• Anomaly detection
• Crash reporting
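As an added example (not from these slides and not CERT's BFF/FOE code), here is a minimal Python harness that covers the four requirements above and reuses the Miller-style mutation from the "Dumb(est) Fuzzing" slide. The function names, the fuzz_factor default, the signal/stderr bucketing and the TOY_TARGET stand-in (a constructed script that aborts on any byte other than "A") are all assumptions; it relies on POSIX negative return codes to detect a signal death.

```python
import hashlib, math, os, random, subprocess, sys, tempfile

def mutate(seed, fuzz_factor, rng):
    """Test case generation: Miller-style dumb mutation of a seed file."""
    buf = bytearray(seed)
    numwrites = rng.randrange(math.ceil(len(buf) / fuzz_factor)) + 1
    for _ in range(numwrites):
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    return bytes(buf)

def run_target(cmd, data, timeout=5.0):
    """Application execution + anomaly detection: run the target on one test case."""
    with tempfile.NamedTemporaryFile(delete=False, suffix=".fuzz") as f:
        f.write(data)
        path = f.name
    try:
        p = subprocess.run(cmd + [path], capture_output=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return {"kind": "hang", "signal": None, "stderr": b"", "path": path}
    if p.returncode < 0:  # POSIX: child was killed by a signal (SIGSEGV, SIGABRT, ...)
        return {"kind": "crash", "signal": -p.returncode, "stderr": p.stderr, "path": path}
    os.unlink(path)  # uninteresting case: do not keep the file
    return {"kind": "ok", "signal": None, "stderr": b"", "path": None}

def bucket_id(result):
    """Crash reporting: cheap dedupe key from the signal and the first stderr line."""
    first = result["stderr"].splitlines()[:1]
    raw = f"{result['kind']}:{result['signal']}:".encode() + b"".join(first)
    return hashlib.sha1(raw).hexdigest()[:12]

def fuzz(cmd, seed, iterations, fuzz_factor=250, rng_seed=0):
    """Fuzz loop: returns {bucket_id: [results]} for every crash or hang found."""
    rng = random.Random(rng_seed)
    buckets = {}
    for _ in range(iterations):
        result = run_target(cmd, mutate(seed, fuzz_factor, rng))
        if result["kind"] != "ok":
            buckets.setdefault(bucket_id(result), []).append(result)
    return buckets

# Constructed stand-in for the application under test (assumption): aborts on any byte that is not "A".
TOY_TARGET = [sys.executable, "-c",
              "import os,sys; d=open(sys.argv[1],'rb').read(); os.abort() if any(b != 65 for b in d) else None"]

if __name__ == "__main__":
    for bid, hits in fuzz(TOY_TARGET, b"A" * 64, 20, fuzz_factor=8).items():
        print(bid, len(hits), "hits, first kept at", hits[0]["path"])
```

Crashing and hanging test cases are kept on disk under the reported path so they can be reproduced later; the bucket key is only a first-pass dedupe and still needs the crash analysis the slides mention.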

CERT Fuzzing Tools
Dranzer: Smart ActiveX fuzzer
File format fuzzers
• BFF: Basic Fuzzing Framework
• FOE: Failure Observation Engine
• Most effective against uncompressed binary formats
