Introduction:
In the same vein as the Generic Protocol Framework, I've written a really simple-to-use black-box testing suite called Simple Fuzzer (what else would you expect?). The goal is a simple, but fairly powerful and flexible, black-box testing utility. Currently the "premier" black-box testing utility is SPIKE. However, SPIKE has a pretty steep learning curve, which is to be expected from something THAT powerful. For my own use I didn't need such power, and it turns out that power can be a detriment: it makes it much harder for others to write and run their own black-box tests.
New with 0.6.1 - fixed a crash during UDP fuzzing.
New with 0.6 - 0.6 introduces a number of improvements over 0.5, notably the ability to fuzz as either a client or a server, the ability to use returned packet data in the fuzz, the ability to fuzz over IPv6 networks, AND an improved file / plugin loading system which tries to intelligently use a search path. There are a number of bugfixes and enhancements in this edition. Additionally, 0.6 tries to squeeze out even more quality than 0.5, which won a Softpedia award for quality and for being 100% free. This release really couldn't have gone out without the help of Mr. Ricky-Lee Birtles, so a big thanks to him.
New with 0.5 - Added plugin support (see plugin.txt for more information), fixed a few loading and parsing bugs, and (possibly) fixed the snoop.exe issues with XP SP2 and Vista (I don't have a machine to test on at the moment).
New with 0.4 - Fixed some parsing and replacement issues. Added binary substitution (see sfuzz-sample/basic.a11 for an initial a11 UDP packet). Fixed the Windows and Linux ports of snoop. New command line options.
New with 0.3 - Added symbol support and sequence stepping. Also fixed build issues and bugs on Windows!
NEW - Added new fuzz targets (cvs, rtsp, smtp, and expanded http)! Also added the ability to keep a connection open between fuzz cases!
Basic Usage:
This is a very simple fuzzer. It is reminiscent of easy-fuzz from 2004, written by priest of the priestmasters. His layout for building a fuzz test was pretty nice: a "script" file with a preamble setting some basic state and variables, followed by the "meat and potatoes" tests. Since I really liked this approach, I sto^H^H^Hborrowed it for my own. Naturally, since I wrote my code from scratch, I was able to do the things I wanted without being tied to his design decisions.
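To make the preamble-plus-tests layout concrete, here is a small script-driven fuzzer written for this page as an illustration. It is not sfuzz's own code, and the script syntax it reads (a key=value preamble closed by endcfg, test-case templates separated by a -- line, a FUZZ placeholder, and $name symbol references) is an assumed format modelled on the layout described above, not sfuzz's real file format. It shows the two mechanics the changelog mentions, symbol substitution and sequence stepping, plus the check every black-box tester wants: noticing when the target stops accepting connections and recording which input is the suspect. The sample script and the target host/port in it are constructed for the example.

```python
"""Minimal script-driven black-box fuzzer: preamble of settings and symbols,
then a list of test-case templates. Illustration written for this page; the
script syntax is assumed for the example and is NOT sfuzz's own format."""
import re
import socket

# Constructed sample script (assumed syntax). \r and \n are written as escapes.
SAMPLE_SCRIPT = """\
# preamble: connection settings, sequence stepping, and symbols
host=127.0.0.1
port=8080
seqstep=8
maxseqlen=32
sequence=A
vhost=example.test
endcfg
GET /FUZZ HTTP/1.0\\r\\nHost: $vhost\\r\\n\\r\\n
--
GET /index.html HTTP/1.0\\r\\nHost: $vhost\\r\\nX-Trace: FUZZ\\r\\n\\r\\n
--
OPTIONS * HTTP/1.0\\r\\n\\r\\n
"""


def parse_script(text):
    """Split a script into (config dict, list of case templates).

    Preamble: 'key=value' lines up to 'endcfg'. Body: templates separated by a
    line containing only '--'. Blank lines and '#' comments are ignored."""
    config, cases, current = {}, [], []
    lines = iter(text.splitlines())
    for line in lines:                      # consumes up to and including endcfg
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line == "endcfg":
            break
        key, _, value = line.partition("=")
        config[key.strip()] = value.strip()
    for line in lines:                      # the remaining lines are templates
        if line.strip() == "--":
            if current:
                cases.append("".join(current))
            current = []
        elif line.strip():
            current.append(line.replace("\\r", "\r").replace("\\n", "\n"))
    if current:
        cases.append("".join(current))
    return config, cases


def expand_symbols(template, config):
    """Replace $name references with preamble values; unknown names stay as-is."""
    return re.sub(r"\$([A-Za-z_][A-Za-z0-9_]*)",
                  lambda m: config.get(m.group(1), m.group(0)), template)


def generate_cases(config, templates):
    """Yield concrete payloads. Sequence stepping grows each FUZZ placeholder
    from seqstep bytes up to maxseqlen bytes; a template without FUZZ is a
    literal case and is emitted once (useful for login or handshake steps)."""
    step = int(config.get("seqstep", 64))
    maxlen = int(config.get("maxseqlen", 1024))
    seq = config.get("sequence", "A")
    for tmpl in templates:
        tmpl = expand_symbols(tmpl, config)
        if "FUZZ" not in tmpl:
            yield tmpl.encode("latin-1")
            continue
        for n in range(step, maxlen + 1, step):
            fill = (seq * (n // len(seq) + 1))[:n]   # exactly n bytes of sequence
            yield tmpl.replace("FUZZ", fill).encode("latin-1")


def send_tcp(host, port, payload, timeout=2.0):
    """Deliver one payload over TCP and return whatever the target answers."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(payload)
        try:
            return s.recv(4096)
        except socket.timeout:
            return b""


def run_fuzz(config, templates, send=send_tcp):
    """Run every case in order. When the target stops accepting connections,
    stop and report both the payload that failed and the one before it: either
    killed the target on receipt or left it dying, so both need reproducing."""
    host = config.get("host", "127.0.0.1")
    port = int(config.get("port", 80))
    sent, previous = 0, None
    for payload in generate_cases(config, templates):
        try:
            send(host, port, payload)
        except OSError:                     # refused, reset, or timed out
            return {"sent": sent, "suspect": payload, "previous": previous}
        sent += 1
        previous = payload
    return {"sent": sent, "suspect": None, "previous": previous}


if __name__ == "__main__":
    cfg, tmpls = parse_script(SAMPLE_SCRIPT)
    for case in generate_cases(cfg, tmpls):   # dry run: list cases, no network
        print(repr(case))
```

Running the file lists the nine cases the sample script expands to (four lengths for each of the two FUZZ templates, plus one literal case) without touching the network; pass a real host and port in the preamble and call run_fuzz to actually send them. The send function is injectable so the crash-detection logic can be exercised against a fake target.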
Sample use:
View basic HTTP fuzz
View basic CVS pserver fuzz
Download here (Windows users can get the source - requires MinGW to build - or binary versions). Current version: 0.6.1
- Historical versions: 0.6, 0.5, 0.4, 0.3, 0.2, 0.1
CVS build: none
Cool! - Vivek Ramachandran of securitytube.net did a really nice example of using SFuzz 0.2! You can view that here.
Cool! - The Grey Corner published a guest entry from Lincoln who describes finding the Big Ant 0-day using Simple Fuzzer 0.5.