
I have seen examples of fuzzers to submit different inputs to some application or port. How can we run fuzzers on services or processes like any background process for any application? Any ideas or help will be appreciated.

schroeder
user3754136
  • Do you have a particular fuzzer in mind? I'm not sure how this relates to Information Security, and might be better suited for Super User or Stack Overflow. – RoraΖ Nov 05 '15 at 12:25
  • That depends on the OS and on how you define services. Essentially systemd/upstart can give you a list of running services, but you'll have to manually figure out what kinds of inputs they take, anyway. – Steve Dodier-Lazaro Nov 05 '15 at 16:16

1 Answer


Generally the goal of a fuzzer is to present an application with a variety of inputs through its expected input sources and then measure how it responds. I'm not sure there's value in fuzzing with the memory of a running application and then seeing what happens.

Interesting, possibly, but not valuable from a security point of view.

If the threat scenario you're concerned about has an attacker in position to read or manipulate application memory then input validation or bounds checking for that application is the least of your worries.

I would focus fuzzing on the standard input channels for your application. For example if you're examining a web browser I would focus on these input channels:

  • Local system files (HTML pages or media)
  • HTML content returned from a server (HTML pages)
  • Media content returned from a server (video, flash, images)
  • Input to the navigation bar

My guess is that if you scramble the memory of a running process it's probably just going to crash and I'm not sure if that tells you anything useful.

u2702
  • Can anyone run a fuzzer on services running on ports like ftp, openssh, apache etc.? – user3754136 Nov 27 '15 at 11:02
  • "Could" and "should" are very different words! You can do anything that the "system" will let you (the system is the network/firewalls between you and the target and the configuration of the service). The service may block or throttle your connections. It may also be forbidden by the T&Cs. Also, without local access to the system you may not have full access to see what effect your fuzzing is having, which is the point of fuzzing. – u2702 Nov 29 '15 at 01:30
  • Agreed, I am running it in a small lab environment with 2-3 physical machines connected to a local network all owned and controlled by me. Was just trying to understand if a service is running then does that mean we could run a fuzzer on it to pass inputs to it and if it crashes does that mean an exploit can be developed on it. – user3754136 Nov 30 '15 at 12:18
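The answer's point (feed varied inputs through an application's expected input channel and measure how it responds) can be shown with a small in-process mutation fuzzer. This is an added example, not code from the original question or answer, and it does not use any real fuzzer; the target `parse_record` is a constructed toy parser with a deliberate bounds defect standing in for whatever the real input channel is (a file loader, an HTTP body parser, and so on). The harness `run_campaign` mutates seed inputs, separates expected rejections (`ValueError`) from unexpected exceptions, and buckets each unexpected failure by exception type and faulting line together with the input that reproduces it, which is the material a triage step starts from. It also illustrates the last comment's question: the harness reports crashes and reproducers, and whether a given crash is exploitable is a separate analysis that the fuzzer does not answer.

```python
import random
import traceback
from collections import Counter

# Constructed toy target (not from the original page). Record format is
# "NAME:LEN:PAYLOAD". It has a deliberate defect: it trusts the declared
# length and indexes the payload without a bounds check.
def parse_record(data: bytes) -> dict:
    name, length, payload = data.split(b":", 2)   # ValueError if < 3 parts
    n = int(length)                               # ValueError if not numeric
    last = payload[n - 1]                         # IndexError when n is out of range
    return {"name": name.decode("ascii"), "payload": payload[:n], "last": last}

# Constructed seed corpus: well-formed records the mutator starts from.
SEEDS = [b"hello:5:world", b"id:1:x", b"name:11:hello world"]

# Exceptions the target is allowed to raise for malformed input. Anything
# else is treated as a crash. (UnicodeDecodeError is a ValueError subclass.)
EXPECTED = (ValueError,)


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Apply 1-4 random byte-level mutations to a seed input."""
    data = bytearray(seed)
    for _ in range(rng.randint(1, 4)):
        choice = rng.randrange(4)
        if choice == 0 and data:        # flip one bit
            i = rng.randrange(len(data))
            data[i] ^= 1 << rng.randrange(8)
        elif choice == 1 and data:      # delete one byte
            del data[rng.randrange(len(data))]
        elif choice == 2:               # insert one random byte
            data.insert(rng.randrange(len(data) + 1), rng.randrange(256))
        else:                           # splice in a boundary-value token
            tok = rng.choice([b"0", b"-1", b"99999", b":", b"\xff"])
            i = rng.randrange(len(data) + 1)
            data[i:i] = tok
    return bytes(data)


def run_campaign(target, seeds, iterations=2000, seed=1):
    """Fuzz `target`; return (outcome counts, {crash bucket: reproducing input})."""
    rng = random.Random(seed)           # fixed seed so a run is reproducible
    outcomes = Counter()
    crashes = {}
    for _ in range(iterations):
        case = mutate(rng.choice(seeds), rng)
        try:
            target(case)
            outcomes["ok"] += 1
        except EXPECTED as exc:
            outcomes["rejected:" + type(exc).__name__] += 1
        except Exception as exc:
            # Bucket by exception type and faulting line so repeated hits of
            # the same defect are counted once; keep the first reproducer.
            frame = traceback.extract_tb(exc.__traceback__)[-1]
            bucket = (type(exc).__name__, frame.lineno)
            outcomes["crash:" + type(exc).__name__] += 1
            crashes.setdefault(bucket, case)
    return outcomes, crashes


if __name__ == "__main__":
    outcomes, crashes = run_campaign(parse_record, SEEDS)
    for key, count in sorted(outcomes.items()):
        print(f"{key:24s} {count}")
    for (exc_name, lineno), case in crashes.items():
        print(f"{exc_name} at line {lineno}, reproducer: {case!r}")
```

Each crash bucket's reproducer can be replayed against the target on its own, which is what makes the result actionable for the developer: fix the bounds check, re-run the same seed, and confirm the bucket disappears.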