Aaron Conole




Simple Fuzzer


Introduction:
In the same vein as the Generic Protocol Framework, I've written a really simple-to-use black box testing suite called Simple Fuzzer (what else would you expect?). The goal is to provide a simple-to-use but fairly powerful and flexible black box testing utility. Currently, the "premier" black box testing utility is SPIKE. However, SPIKE has a pretty steep learning curve, which is to be expected with something THAT powerful. For my own use, though, I didn't need such power, and it turns out that it can be a detriment, since it hoses the ability of others to write and run their own black box tests.

NEW AND EXCITING - I'm pleased to announce that the sfuzz source code is now available to the general public via a git interface at SourceForge. The way to grab this code is via the git repository: git://sfuzz.git.sourceforge.net/gitroot/sfuzz/sfuzz. This repository will be my working repository from now on, and will contain the latest mainline sfuzz development code. Feel free to clone it via whichever git client you enjoy most.

New with 0.6.2 - Updated snoop to be more feature-rich, fixed a sequence issue, and fixed plugin link issues. Also added better cross-compilation support to the make system.

New with 0.6.1 - Fixed a crash during UDP fuzzing.

New with 0.6 - 0.6 introduces a number of improvements over 0.5, notably the ability to fuzz as either a client or server, the ability to use returned packet data in the fuzz, the ability to fuzz over IPv6 networks, AND an improved file / plugin loading system which tries to intelligently use a search path. There are a number of bugfixes and enhancements in this edition. Additionally, 0.6 tries to squeeze out even more quality than 0.5, which won a Softpedia award for quality and for being 100% free. This release really couldn't have gone out without the help of Mr. Ricky-Lee Birtles, so a big thanks to him.

New with 0.5 - Added plugin support (see plugin.txt for more information), fixed a few loading and parsing bugs, and (possibly) fixed the snoop.exe issues with XP SP2 and Vista (don't have a machine to test on at the moment).

New with 0.4 - Fixed some parsing and replacement issues. Added binary substitution (see sfuzz-sample/basic.a11 for an initial a11 UDP packet). Fixed the Windows and Linux ports of snoop. New command line options.

New with 0.3 - Added symbol support, and sequence stepping. Also fixed build issues and bugs with windows!

New with 0.2 - Added new fuzz targets (cvs, rtsp, smtp, and expanded http)! Also added the ability to keep a connection open between fuzz cases!

Basic Usage:
This is a very simple fuzzer. It is reminiscent of easy-fuzz, written in 2004 by priest of the priestmasters. His layout for building a fuzz test was pretty nice: a "script" file with a preamble that sets some basic state and variables, followed by the "meat and potatoes" tests. Since I really liked this approach, I sto^H^H^Hborrowed it for my own. Naturally, since I wrote my code from scratch, I was able to do the things I wanted without being tied to his design decisions.

Sample use:

- View basic HTTP fuzz
- View basic CVS pserver fuzz


Download here (Windows users can get the source, which requires MinGW to build, or binary versions). Current version: 0.6.2

- Historical versions: 0.6.1, 0.6, 0.5, 0.4, 0.3, 0.2, 0.1

CVS build: 0.6.3

Cool! - Vivek Ramachandran of securitytube.net put together a really nice example of using SFuzz 0.2! You can view that here.

Cool! - The Grey Corner published a guest entry from Lincoln who describes finding the Big Ant 0-day using Simple Fuzzer 0.5.

© Copyright 2009. All rights reserved. Contact: Aaron Conole Powered by Brad-X