Tuesday, February 16, 2010

New fuzzing technique

While looking at Jeremy Brown's most advanced fuzzer last night, I came up with a great idea for my fuzzing framework.

As you already know, I'm currently building a fuzzing framework called "TAODB", which fuzzes:
- file formats
- networking protocols
- browsers
- * I/O

My idea goes as follows:
Everyone fuzzes inputs with values like
- \x00
- \x41
- \x80\x00\x00\x00
- \xff 

and they miserably fail, and I know why:

Why stop at \xff when you could simply continue with \xzz\xxx\xww?

Clever, eh?

I'm planning to use this new trick inside TAODB, and finally beat the RadioShack dude's fuzzing techniques.

Stay tuned, more great fuzzing tricks on the way!
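For reference, the value list above (\x00, \x41, \x80\x00\x00\x00, \xff) is the usual set of byte-level boundary values a mutation fuzzer overwrites into a sample. The following is an added example, not TAODB code and not from the post: a minimal mutator that applies exactly those values at every offset of a constructed length-prefixed sample and records which mutations a toy parser rejects. Note that every value has to be a real byte sequence (0x00 to 0xff); a Python literal such as "\xzz" will not even compile.

```python
from typing import Iterator, List, Tuple

# The boundary values from the post. Each must be a real byte sequence.
INTERESTING: List[bytes] = [
    b"\x00",
    b"\x41",
    b"\x80\x00\x00\x00",
    b"\xff",
]

def mutate(sample: bytes, values: List[bytes] = INTERESTING) -> Iterator[Tuple[int, bytes, bytes]]:
    """Yield (offset, value, mutated) for every value overwritten at every offset.

    Overwriting (rather than inserting) keeps the total length stable, which
    matters for formats carrying length fields; multi-byte values are clipped
    when they run past the end of the sample.
    """
    for offset in range(len(sample)):
        for value in values:
            chunk = value[: len(sample) - offset]
            mutated = sample[:offset] + chunk + sample[offset + len(chunk):]
            yield offset, value, mutated

def count_cases(sample: bytes, values: List[bytes] = INTERESTING) -> int:
    """Number of test cases the mutator produces for this sample."""
    return sum(1 for _ in mutate(sample, values))

def parse_len_prefixed(data: bytes) -> bytes:
    """Toy target (hypothetical): 4-byte big-endian length, then the payload."""
    n = int.from_bytes(data[:4], "big")
    if n > len(data) - 4:
        raise ValueError("length field exceeds buffer")
    return data[4:4 + n]

def run(sample: bytes) -> List[Tuple[int, bytes]]:
    """Return the (offset, value) pairs whose mutation the toy parser rejects."""
    rejected = []
    for offset, value, mutated in mutate(sample):
        try:
            parse_len_prefixed(mutated)
        except ValueError:
            rejected.append((offset, value))
    return rejected

# Constructed sample: length field 4 followed by the payload "ABCD".
SAMPLE = b"\x00\x00\x00\x04ABCD"
```

Only mutations landing in the four length bytes trip the check; overwrites inside the payload pass, which is the kind of coverage gap a pure boundary-value list leaves.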

5 comments:

  1. Jeremy is a prick, don't waste your time.

  2. Well, does this make you feel good now, Alan?

  3. Hey fuzzing ninja, good stuff!

    Have you tried with special chars? I mean \x'" or \x!#? You may find some cool vulns too, such as SQL injection or XSS.

    Please keep on the good w0rk!
