Questions tagged [fuzzing]

Fuzzing is a testing technique that consists of passing malformed data as input to programs in order to uncover vulnerabilities in how they handle that input.

100 questions
2
votes
1 answer

Does it make sense to fuzz an ASCII file format with mutators that mess with Unicode or String Case?

I'm trying to fuzz an ASCII file format. Specifically, I'm defining some HTML5/HTML structures to be used as a definition file for a smart fuzzer to fuzz web browsers. This smart fuzzer allows excluding some of the included mutators. The number of…
kinunt
2
votes
0 answers

Analyzing binary by ZZUF and PEACH fuzzers

I have installed two different fuzzers, ZZUF and PEACH. Unfortunately, due to my lack of knowledge, I could not test C++ binaries with both fuzzers. The process of testing binaries is not given in the PEACH and ZZUF tutorials. For example abc.c int main(void) { …
Ali
2
votes
2 answers

What is the importance of fuzzing?

I’ve heard a lot about fuzzing website parameters with programs like OWASP-zap but what is the importance of it? A simple active scan finds vulnerabilities in a website such as XSS. So why do we need the fuzzer? If someone could shed some light on…
CoderPE
2
votes
0 answers

ASN.1-based network protocol fuzzer

I want to do network protocol-based fuzzing using a network protocol specified in ASN.1. After investigating the available open source tools, I need to decide between the Peach community edition, Sulley and Boofuzz. But because Peach and Sulley are…
Pete
2
votes
0 answers

Burpsuite - CSRF Token Macro

I implemented a website using the vaadin-framework. When I send a request to my server, there is some data in my POST-Request which looks like: {"csrfToken":"3df2f528-15c7-434c-8505-539be1c44157","rpc":[["13","v","v",["text",["s","Nazar…
2
votes
1 answer

Run fuzzer on any service or process in Linux

I have seen examples of fuzzers to submit different inputs to some application or port. How can we run fuzzers on services or processes like any background process for any application? Any ideas or help will be appreciated.
user3754136
1
vote
0 answers

Google Chrome Crash Report Analysis

I am new to the field of crash analysis. I recently, by accident, happened to crash Google Chrome. I do not know the reason as to why the crash really happened. I'd like to know it in depth though. When the crash happened, there was a Crash report…
qre0ct
1
vote
2 answers

How do I pass a list of cookies to Wfuzz?

I know that you can pass cookies in Wfuzz by using multiple -b parameters like so: wfuzz -w /path/to/wordlist -b cookie1=foo -b cookie2=bar http://example.com/FUZZ but I am wondering if you can pass a list of cookies, instead of doing them one by…
squelch
1
vote
1 answer

What is the way to know that the endpoint is down if there is an L4 / L7 balancer?

I'm writing an API fuzzer and I want to detect if a sequence causes an endpoint of some service to go down. Of course I can get a 500 response code, but it may be called from the code of an endpoint. And is there any exact way to find out if a…
Sergey B
1
vote
1 answer

Should I take (Pen test) approval from AWS for Fuzz testing my Application APIs hosted on AWS?

I wanted to fuzz test my APIs on my own stack, which are hosted in an AWS environment (I have used Lambdas and API Gateway). There are mostly GET APIs and only one PUT API. My requirement is to fuzz test the API headers and the body. For this I'm planning…
1
vote
0 answers

Android Exploit Development Lab

Looking to set up an exploit development environment to do the following: Fuzz Android libraries to find new vulnerabilities; Re-create already existing bugs/vulnerabilities based on bug fixes found on the AOSP (write POC); Exploit development for…
1
vote
1 answer

Criteria for selecting fields and network protocols for fuzzing

I want to test a specific device connected to different networks using fuzzing. For each network interface, there are different services listening using different protocols, with open specification. As I cannot fuzz every network interface using…
lalu
1
vote
0 answers

Fuzzing of Mobile Applications

I have used AFL recently for fuzzing of OpenSSL and it worked great. Now I am interested in fuzzing mobile applications, like I have got some .apk and .ipa files which I need to fuzz. I searched on the internet and found out about afl-android, ios-afl…
aneela
1
vote
1 answer

Are there other methods than fuzzing for black box?

I find fuzzing a bit too basic a method when it comes to black box apps. I am specifically interested in how to find a vulnerability in network protocols. I have read "Attacking Network Protocols" but only fuzzing was discussed.
1
vote
0 answers

First chance vs second chance during fuzzing in windbg

I tried to ask Google and search here or at Stack Overflow, but could not find the results I was looking for. Sorry if the question is a duplicate (please provide a link or hint to google it; thank you): When I'm fuzzing some app.exe on Windows,…
user183440