Questions tagged [fuzzer]

A fuzzer is a tool used to provide invalid and unexpected data to the inputs of a program in order to obtain crashes, memory leaks or invalid program states.

37 questions
1 vote, 1 answer

Saving DOM state in HTML

I am using a fuzzer called nduja which is written in JavaScript embedded in the HTML body. It creates a random DOM tree on the fly with every refresh but sadly the HTML state can't be saved. It creates a DOM tree but I don't know how to convert that DOM tree…
1 vote, 1 answer

Brute Force with Java HTTP URL Connection

I'm trying to brute force a simple login form I myself created on my website. Initially I used WebScarab's fuzzer plugin, it's pretty fast. Then I want to customize more so I think I can get the brute force done with very simple coding. But to my…
Arch1tect
0 votes, 0 answers

How to record each output during fuzzing?

I would like to record the output corresponding to each input during fuzzing and, when it is not equal to a specific value (instead of crashing), raise the fitness of the corresponding input. However, I have searched for the current mainstream…
ShawWu
0 votes, 0 answers

Fuzzer peach, why element "Choice" doesn't work?

Below is my fuzz peach file. As you can see, there is an element "Choice" in this XML file. What I want is that in the result file "poc.txt" there will be a randomly generated string "222" or "555", but after peach running 2 hours, there is no poc.txt contain…
Darwin Zou
0 votes, 0 answers

OWASP ZAP Pitchfork?

I am doing the Broken brute-force protection, IP block lab. Have been trying to figure out a way to make a script that does the pitchfork attack by using the fuzzer HTTP sender JS template but I have no idea how to. Tried using ZAP missing payload…
boo123
0 votes, 0 answers

Problem of running afl++ fuzzer on low order CPU

I want to run an AFL++ fuzzer, but one of my friends says that it can cause a lot of trouble on the kernel. Is that true? What if I run the AFL++ fuzzer and have a permanent stain on my kernel? My machine configuration: Intel CPU core-i3, 4GB RAM
0 votes, 0 answers

Running AFL fuzzer effect on kernel

Is there any danger or bad effect on the kernel if I run American Fuzzy Lop plus on my core-i3 4GB RAM machine?
0 votes, 1 answer

Firmware AFL++ fuzzing fails

I want to do IoT firmware fuzzing by AFL++ on a Linux system: https://blog.attify.com/fuzzing-iot-devices-part-1/ I have done the setup according to that link. When I run sudo QEMU_LD_PREFIX=./squashfs-root/ ../AFLplusplus/afl-fuzz -Q -i input-xml/…
saman naz
0 votes, 1 answer

Why Fuzz images?

I am reading about fuzzing. I have some basic questions regarding fuzzing. I searched but couldn't find any good explanation. Why are image files popular and common for fuzzing? What is the benefit of using image files? Why are PNG files popular…
Nihar
0 votes, 0 answers

How to find out the state of registers and the stack of an .exe with a Python script

I'm writing a fuzzer and I need to change the configuration file and run some .exe file that uses it, and try to break the .exe in this way. I would like to know if Python has the ability to view the state of registers and stack of any application, so…
0 votes, 1 answer

subprocess return None what does that mean for my fuzzer

For school I have to make a fuzzer. I use Charlie Miller to fuzz PDF files. I want to check the amount of failure of an app. When I do result = process.communicate() print(result) it prints (None,None) several times. What does that mean?
elhi
0 votes, 1 answer

How to fix syntax for fuzzing network layer on Sulley fuzzer

I was following the code from https://www.slideshare.net/htbridge/fuzzing-an-introduction-to-sulley-framework. Below is the code for kickfuzz.py. I faced invalid syntax for kickfuzz.py from sulley import * from requests import…
0 votes, 1 answer

issue running "afl-fuzz -Q" with binary libraries

I am trying to use afl-fuzz to find security vulnerabilities in Android native libraries (ex. libssl.so, libhttp.so, etc). It's my understanding that I am supposed to use QEMU since afl by itself is not sufficient to find bugs without the source…
0 votes, 1 answer

How to fuzz and preserve file

I want a fuzzer that fuzzes, but will not break the file itself. I mean, I want to randomly fuzz the file, but I want to be able to open it and test it afterwards (I don't want a corrupted file). Take zzuf for example, when I use it to fuzz an mp3 or…
Mad Program
0 votes, 1 answer

Fuzzing tool: Mutate integer within predefined range?

I am a newbie to fuzzing tools, and basically, I would like to use a fuzzing tool to test a specific function. Essentially, this function has three input parameters, and each parameter is a number, with range 0 to 0xffff. I would like to use a fuzzing…
lllllllllllll