Fuzz Testing for Dummies
By: Michael Orland
Fuzz Testing
Providing unexpected, invalid, or random data to an application with the intention of triggering a bug, such as:
Unexpected behavior
Crashes
Buffer overflows
Integer overflows
Memory corruption
Format string bugs
Fuzzing Methods
Smart (generational) fuzzing
Requires in-depth knowledge of the target and specialized tools (e.g. Dranzer, an ActiveX fuzzer)
Results
Less crash analysis required
Less duplication of findings
Dumb (mutational) fuzzing
Requires no knowledge of the target; existing tools can be reused
Results
More crash analysis required
More duplication of findings
Dumb(est) Fuzzing
Charlie Miller's five-line Python dumb fuzzer
Found vulnerabilities in PDF readers and Office presentation software
    import sys, math, random
    buf = list(open(sys.argv[1], "rb").read())  # seed file as a list of chars (Python 2); path argument assumed
    FuzzFactor = 250                            # assumed value; the excerpt does not define it
    numwrites = random.randrange(math.ceil((float(len(buf)) / FuzzFactor))) + 1
    for j in range(numwrites):
        rbyte = random.randrange(256)
        rn = random.randrange(len(buf))
        buf[rn] = "%c" % (rbyte)
<http://google.com/files/slides/cmiller_CSW_2010.ppt>
Fuzzing Framework Requirements
Features required for an effective fuzzing framework
Test case generation
Application execution
Anomaly detection
Crash reporting
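The two method families above and the four framework features, as an added example that is not from the original slides or from CERT's tools: a Python 3 harness that fuzzes a constructed toy tag/length/value parser with two planted defects. It runs a Miller-style mutational generator and a generational one over the same target, detects anomalies in-process (an uncaught exception standing in for a crash), and reports crashes bucketed by signature so that repeated hits of one defect are counted rather than re-analysed, which is the crash-analysis and duplication cost the slides attribute to dumb fuzzing. The parser, the seed input, the FuzzFactor of 250 and every function name are assumptions of this example.

```python
"""Minimal fuzzing harness covering the four framework stages (added example)."""
import hashlib
import math
import random
import struct
import traceback


# Target under test: a toy tag/length/value parser with two planted defects.
# It is constructed for this example and is not any real product's code.
def parse_tlv(data: bytes) -> list:
    records = []
    off = 0
    while off < len(data):
        tag = data[off]
        length = data[off + 1]            # defect 1: no bounds check -> IndexError when truncated
        value = data[off + 2:off + 2 + length]
        if tag == 0x02:                   # "integer" record, expected to be exactly 4 bytes
            records.append(struct.unpack(">I", value)[0])  # defect 2: struct.error otherwise
        else:
            records.append(value)
        off += 2 + length
    return records


# Constructed, well-formed seed: a 3-byte string record followed by the integer 42.
SEED_INPUT = bytes([0x01, 3, 0x61, 0x62, 0x63, 0x02, 4, 0, 0, 0, 42])


# 1a. Test case generation, dumb/mutational: Miller's byte-flipping loop in Python 3.
def mutate(seed: bytes, fuzz_factor: int, rng: random.Random) -> bytes:
    buf = bytearray(seed)
    numwrites = rng.randrange(math.ceil(len(buf) / fuzz_factor)) + 1
    for _ in range(numwrites):
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    return bytes(buf)


# 1b. Test case generation, smart/generational: emits structurally valid records
# but picks lengths at the boundaries the parser cares about (and sometimes
# truncates the final record), cases a blind byte flip rarely hits.
def generate(rng: random.Random) -> bytes:
    out = bytearray()
    for _ in range(rng.randrange(1, 5)):
        tag = rng.choice([0x01, 0x02, 0x03])
        length = rng.choice([0, 1, 3, 4, 5, 16])
        out += bytes([tag, length]) + bytes(rng.randrange(256) for _ in range(length))
    if rng.random() < 0.2:
        out = out[:-1]
    return bytes(out)


# 2 + 3. Application execution and anomaly detection. The "application" is an
# in-process function, so an uncaught exception stands in for a crash signal; the
# signature buckets crashes by exception type and faulting line so that repeated
# hits of the same defect are counted instead of being analysed again.
def run_one(target, data: bytes):
    try:
        target(data)
        return None
    except Exception as exc:
        frame = traceback.extract_tb(exc.__traceback__)[-1]
        key = f"{type(exc).__name__}@{frame.name}:{frame.lineno}"
        return hashlib.sha1(key.encode()).hexdigest()[:12]


# 4. Crash reporting: one entry per unique signature with its hit count and the
# first input that reached it (the reproducer a triager would start from).
def fuzz(target, make_input, iterations: int, rng: random.Random) -> dict:
    report = {}
    for _ in range(iterations):
        data = make_input(rng)
        sig = run_one(target, data)
        if sig is not None:
            count, first = report.get(sig, (0, data))
            report[sig] = (count + 1, first)
    return report


def demo(iterations: int = 20000, seed: int = 1):
    """Run both strategies against the toy parser; returns (mutational, generational) reports."""
    rng = random.Random(seed)
    dumb = fuzz(parse_tlv, lambda r: mutate(SEED_INPUT, 250, r), iterations, rng)
    smart = fuzz(parse_tlv, generate, iterations, rng)
    return dumb, smart


if __name__ == "__main__":
    for name, report in zip(("mutational", "generational"), demo()):
        print(name)
        for sig, (count, first) in report.items():
            print(f"  {sig}: {count} hits, first reproducer {first.hex()}")
```

Run it directly to see each strategy's buckets with hit counts and the first reproducer. A real framework replaces parse_tlv with a subprocess launch and watches for signals or debugger events rather than exceptions, but the shape of the loop (generate, execute, detect, bucket and report) is the same.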
CERT Fuzzing Tools
Dranzer: smart ActiveX fuzzer
File format fuzzers:
BFF: Basic Fuzzing Framework
FOE: Failure Observation Engine
Most effective against uncompressed binary formats