Network Security Pen-Test
[Announce] New Fusil fuzzer

Subject: [Announce] New Fusil fuzzer
Date: Tue, 27 Nov 2007 23:09:45 +0100
Fusil is a fuzzing framework written in Python and distributed under the GNU GPLv2 
license. 

It allows you to easily write so-called "fuzzing projects" from a set of functions 
and the power of Python: create a process, compile a C program, watch a 
process, watch syslog, etc.

Available projects: gettext, clamav, libc_printf, php, linux_ioctl, mplayer, 
identify, etc.

Website: http://fusil.hachoir.org/trac



Example of gettext session:

   $ ./run_fusil.sh -p project/poppler.py ~/document.pdf
   [application] Fusil version 0.5 -- GNU GPL v2
   [application] http://fusil.hachoir.org/
   [application] Load project project/poppler.py
   [session 1][project] Start session
   (...)
   [session 994][watch:process:pdftotext] Process killed by signal SIGSEGV
   [session 994][project] End of session: score=75.0%, duration=0.378 second
   [session 994][session_dir] Success: keep directory 
      '/home/toady/local/scm/svn/fusil/project-0008/session-0005'
   [project] Project done: : 5 session in 0.9 second (181.6 ms per session),
      total 0.9 second
   [application] Exit Fusil

Last session (success) is stored in project-0003/session-0994/. We can 
reproduce the crash with:
   
   $ evince document.pdf
   Error (0): PDF file is damaged - attempting to reconstruct xref table...
   Error (44780): Dictionary key must be a name object
   (...)
   Segmentation fault



Fusil uses small "agents" which exchange messages to launch actions. E.g. 
MangleFile injects errors into a valid file (PDF file, AVI movie, JPEG picture, 
etc.), and then Fusil uses the generated filename to run a process.

Each project session has a score between -100% (application rejects fuzzy 
data) and 100% (success). Many probes exist to compute the session score:
  +100% for process killed by a signal (WatchProcess)
  +100% for "segmentation fault" text pattern in process stdout (FileWatch)
  -100% if session is too fast (TimeWatch)
  etc.

For fuzzing safety, Fusil limits process memory and process priority, copies 
only a few environment variables, creates a temporary directory used as the 
working directory, etc.


Victor Stinner aka haypo
http://hachoir.org/
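As an added illustration (not Fusil's own code, and not part of the announcement), the following Python sketch models the MangleFile agent and the WatchProcess / FileWatch / TimeWatch scoring described above, including the minimal environment and temporary working directory used for safety. The combination rule, the MIN_DURATION threshold, the helper names and the stand-in crashing target are assumptions of this example:

```python
import os
import random
import subprocess
import sys
import tempfile
import time
from dataclasses import dataclass

MIN_DURATION = 0.05  # seconds; assumed TimeWatch threshold, not Fusil's real value

@dataclass
class Session:
    returncode: int   # POSIX subprocess convention: -N means killed by signal N
    stdout: str       # stdout and stderr of the target, merged
    duration: float   # wall-clock seconds the target ran

def watch_process(s: Session) -> float:  # +100%: target killed by a signal
    return 100.0 if s.returncode < 0 else 0.0
def file_watch(s: Session) -> float:     # +100%: crash text pattern in output
    return 100.0 if "segmentation fault" in s.stdout.lower() else 0.0
def time_watch(s: Session) -> float:     # -100%: session too fast (input rejected)
    return -100.0 if s.duration < MIN_DURATION else 0.0

def score_session(s: Session) -> float:
    # Assumed combination rule: a crash finding wins, otherwise the worst penalty.
    scores = [watch_process(s), file_watch(s), time_watch(s)]
    return max(scores) if max(scores) > 0 else min(scores)

def mangle_file(data: bytes, count: int, seed: int) -> bytes:
    # MangleFile-style agent: overwrite `count` random bytes of a valid file.
    rng, buf = random.Random(seed), bytearray(data)
    for _ in range(count):
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    return bytes(buf)

def run_session(cmd: list, data: bytes, seed: int, count: int = 4):
    # One session: write the mangled file into a fresh working directory, run the
    # target there with a minimal environment, then let the probes score it.
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "input.bin")
        with open(path, "wb") as f:
            f.write(mangle_file(data, count, seed))
        start = time.monotonic()
        proc = subprocess.run(cmd + [path], capture_output=True, text=True, timeout=10,
                              cwd=workdir, env={"PATH": os.environ.get("PATH", "")})
        session = Session(proc.returncode, proc.stdout + proc.stderr,
                          time.monotonic() - start)
    return session, score_session(session)

def crash_command() -> list:
    # Constructed stand-in target: a Python child that raises SIGSEGV on itself.
    return [sys.executable, "-c", "import os, signal; os.kill(os.getpid(), signal.SIGSEGV)"]
```

On a POSIX system, run_session(crash_command(), b"%PDF-1.4 constructed sample", seed=1) returns a Session with a negative returncode (killed by SIGSEGV) and a score of 100.0.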
