Questions tagged [fuzzing]

Testing software by presenting it with invalid input to find errors in input validation and handling.

Fuzzing or Fuzz-testing is a type of software test where the software is presented with invalid input to find errors in input validation and handling.

Fuzz testing is often automated.


258 questions
0
votes
1 answer

Fuzz TCP packet using Peach Fuzzer

I have two applications, say Sender.exe and Receiver.exe. I have to fuzz the TCP packets sent from the sender to the receiver. I'm a beginner with Peach Fuzzer. Could you please give a sample example (Peach Pit) of how to fuzz TCP packets? I'm not…
user2338040
0
votes
1 answer

How can I gather lots of files from one filetype?

I'm trying to fuzz some tools, but I need a huge amount of .zip or .jpg files for that. I've tried crawlers like webripper, but it's not very effective (or I'm doing it wrong). Is there a better way to get lots of different files?
Ki_Netic
0
votes
1 answer

Recording failed fuzz tests for re-execution later

I am looking for a better way to save interesting results from fuzz testing to repeat later. The current plan is to serialise the failing input and write it out as a test case. Say we want to test: int function_under_test(struct arbitrary *); Say…
Jon Chesterfield
0
votes
1 answer

pcapy.findalldevs() No valid interfaces to open

I am trying to run Sulley's (the fuzzer) "network_monitor.py" on an Ubuntu VM. Every time I do, I get the following error: pcapy.PcapError: No valid interfaces to open. I believe that this has little to do with the code I am running it in, because…
mNeubauer
0
votes
1 answer

Write output of fts(3) to file

I am developing a file fuzzer that mutates music files and feeds them to iTunes. I already developed code to mutate the music file, but I want to use more than one music file to increase code coverage. So I want to traverse my iTunes library and…
2trill2spill
0
votes
1 answer

File Fuzzing with Peach

I am a beginner in file fuzzing. I want to fuzz Adrenalin Player 2.2.5.3 with Peach 3 and got a problem during compile. When I enter this command, c:\peach\peach.exe wav.xml, I receive this error: unable to locate test named "Default". And here is my…
Aghdas
0
votes
1 answer

Fuzzing dynamically assigned ports with Sulley

I want to fuzz a network protocol with Sulley. The problem is that the port I need to fuzz is dynamically chosen by the server. I use a pre_send function to contact the server and receive the dynamic port. I parsed the port number out of the…
dynamo
0
votes
2 answers

Socket.receive in Python

I made a simple TCP fuzzer in Python. I need it to be able to receive some response and if I didn't get the response, break the loop. My code is this: import socket from time import sleep import sys ip = raw_input ("please insert host ip: ") port =…
Ba7a7chy
-1
votes
2 answers

Is there a way to check how scan and fuzz commands work at the backend in ZAP?

We have a requirement to know how commands work at the backend when triggered via the OWASP ZAP tool. This will help for data visualizing & interaction with ZAP and UI. For example: commands like 'active scan'. In the ZAP tool we select the required site and click…
sridattas
-1
votes
1 answer

Apply fuzzing to a function that parses some string

Recently the Go team released a fuzzer: https://blog.golang.org/fuzz-beta. Can you help to describe what I can expect from the fuzzer in terms of test goals? How to apply the fuzzer? Give some insight about how long we would run it before considering…
user4466350
-1
votes
2 answers

How about fuzzing a binary by reversing it to source code?

I am researching how to use AFL to fuzz a binary. I know that it is possible to use QEMU mode to achieve it. However, using QEMU mode really impacts the fuzzing performance. Thus, I am wondering: what if I reverse the target binary to C code by…
desionxxx
-1
votes
2 answers

Can you use multiplication for commands in a bash script?

I am trying to make a simple script to start multiple fuzzers with AFL. I am prompting the users for the number of fuzzers they want to start, storing the variable, and then want to issue the same command the number of times they specified. I.e.,…
-1
votes
1 answer

Should I get (pen test) approval from AWS for fuzz testing my application APIs hosted on AWS?

I wanted to fuzz test my APIs on my own stack, which are hosted in an AWS environment (I have used Lambdas and API Gateway). There are mostly GET APIs and only one PUT API. My requirement is to fuzz test the API headers and the body. For this I'm planning…
-2
votes
1 answer

Can you analyze this result from AddressSanitizer?

I ran the AFL fuzzer on an open source program and I ran the program with the output crash from the fuzzing. This is the result of AddressSanitizer, but I am not sure what this error actually is. And where do I have to look…
-2
votes
1 answer

Fuzzing framework needed for ISO 14443

Which fuzzing framework would be suitable for the ISO 14443 protocol? I have looked into the Sulley framework, but that is out of maintenance.