"Open Source Fuzzing Tools" is written by Gavi Evron and does an excellent job providing a broad range of tools used for fuzzing and their basic usage. There is even a chapter that walks you through building your own file fuzzing tool in perl.
Some specific points that I learned from this book:
- There are (at least) three flavors of fuzzing: 1)File fuzzing- where you create malformed files used by the application. 2) Network fuzzing - network traffic used by the application are malformed and sent and 3) Library fuzzing - calling libraries directly with malformed input.
- The more you know about the workings of the application, the better you can tune your fuzzer to generate malformed data.
- The more you know about assmebler, compilers, bytecode, and TCP/IP, the better. These are the building-blocks for fuzzing.
It's possible to run many of these tools, such as wsfuzzer, without a deep understanding of the application and the underlying technologies, but the more you know, the better you are able to understand the output and take appropriate action.
Some specific points that I learned from this book:
- There are (at least) three flavors of fuzzing: 1)File fuzzing- where you create malformed files used by the application. 2) Network fuzzing - network traffic used by the application are malformed and sent and 3) Library fuzzing - calling libraries directly with malformed input.
- The more you know about the workings of the application, the better you can tune your fuzzer to generate malformed data.
- The more you know about assmebler, compilers, bytecode, and TCP/IP, the better. These are the building-blocks for fuzzing.
It's possible to run many of these tools, such as wsfuzzer, without a deep understanding of the application and the underlying technologies, but the more you know, the better you are able to understand the output and take appropriate action.
No comments:
Post a Comment