I find fuzzing a bit too basic a method when it comes to black box apps. I am specifically interested in how to find a vulnerability in network protocols. I have read "Attacking Network Protocols", but only fuzzing was discussed.

  • With a real black box you start by knowing nothing. Based on this you can only test how the system reacts to random input. Once you have enough data on how the system reacts to the input you might be able to see behavior patterns (i.e. use data analysis and experience with existing protocols). From there you might draw conclusions about how the protocol works and generate more targeted input, and maybe use/modify test suites for existing protocols. – Steffen Ullrich Nov 04 '18 at 17:17

1 Answer

On a pure black box where all you have is input and output, you would have to fuzz it.

If all you had was an obscured executable file, which executed on a remote system available only via an API, that would be the closest you could really get to a pure black box test. For something like that, fuzzing is the entry point.

Once you have fuzzed, you may find an error indicating that input is being filtered for use in a relational database. You may learn input limits, restricted words, rate limiting, etc.

It all starts with fuzzing.

Daisetsu
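The "send random input, record how the system reacts, look for patterns" workflow from the comment and the answer above, as an added example that is not part of the original post. The target (`_target`) is a constructed in-process stand-in for a black-box line protocol; the fuzzer only sees its responses and buckets them by behaviour class so that rare reactions stand out.

```python
"""Mutation-based black-box fuzzing with response bucketing (constructed demo)."""
import random
from collections import defaultdict

# Constructed stand-in for a black-box service speaking "CMD length:payload".
# Its internals are hidden from the fuzzer, which only sees bytes or a failure.
def _target(msg: bytes) -> bytes:
    cmd, _, rest = msg.partition(b" ")
    if cmd not in (b"GET", b"PUT"):
        return b"ERR unknown command"
    length, _, payload = rest.partition(b":")
    n = int(length)                      # unhandled ValueError on a non-numeric length
    if n > 64:
        return b"ERR too long"
    return b"OK " + payload[:n]

def probe(msg: bytes) -> str:
    """Reduce the target's reaction to a coarse behaviour class (its first token)."""
    try:
        resp = _target(msg)
    except Exception as exc:             # any unhandled exception is a crash bucket
        return "crash:" + type(exc).__name__
    return "resp:" + resp.split(b" ", 1)[0].decode("ascii", "replace")

def _truncate(b, r): return b[:r.randrange(len(b) + 1)]
def _append(b, r):   return b + bytes(r.randrange(256) for _ in range(r.randrange(1, 80)))
def _drop_sep(b, r): return b.replace(b" ", b"", 1)
def _bit_flip(b, r):
    if not b:
        return b
    i = r.randrange(len(b))
    return b[:i] + bytes([b[i] ^ (1 << r.randrange(8))]) + b[i + 1:]
MUTATIONS = (_truncate, _append, _drop_sep, _bit_flip)

def fuzz(seeds, iterations, seed=1):
    """Send seeds, then random mutations; return {behaviour: {count, sample}}."""
    rng = random.Random(seed)
    buckets = defaultdict(lambda: {"count": 0, "sample": None})
    def record(msg):
        cls = probe(msg)
        buckets[cls]["count"] += 1
        if buckets[cls]["sample"] is None:
            buckets[cls]["sample"] = msg    # keep one reproducer per behaviour
    for s in seeds:
        record(s)                            # baseline: unmutated seeds first
    for _ in range(iterations):
        m = rng.choice(seeds)
        for _ in range(rng.randrange(1, 4)):  # stack 1-3 mutations per message
            m = rng.choice(MUTATIONS)(m, rng)
        record(m)
    return dict(buckets)
```

Buckets with a low count (typically the `crash:*` ones) are the inputs worth analysing by hand; the stored sample is the reproducer.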