Share this
The Leyman's Guide to Fuzzing
by Reflare Research Team on Dec 1, 2022 7:48:00 PM
Fuzzing can (among other things) be used to expose software bugs, test browser security, and perform static program analysis. However, as the types of fuzzers continue to expand, so do their use cases.
First Published 1st December 2022
'Fuzzy' - the animate Gucci loafer - was having none of it.
4 min read | Reflare Research Team
To fuzz or not to fuzz
These days it is almost impossible to read about software vulnerabilities without coming across the term ‘fuzzing”. Software fuzzing, also known as fuzz testing or fuzzing, is a form of software testing that focuses on finding software bugs or security vulnerabilities. It works by providing invalid or random data to a program and then observing the behaviour of the program. Fuzzing is an automated testing technique that helps identify weaknesses in software that may lead to security vulnerabilities.
The goal of fuzzing is to uncover bugs or security flaws in software that may otherwise go unnoticed. It is a powerful tool to help developers and security professionals find security-critical bugs that can be exploited by malicious actors. It is often used to find vulnerabilities in web applications, operating systems, network protocols, and more.
A not-so-fuzzy concept
Fuzzing works by providing invalid or random data to a program and then observing the behaviour of the program. This data is typically generated automatically by a fuzzing engine, which can be either open-source or proprietary. The fuzzing engine can generate data in many different ways, such as generating random numbers, strings, and other data. It can also use existing data sets to generate new data.
Once the fuzzing engine has generated the data, it is then fed into the program being tested. The program is then monitored for unexpected behaviour or crashes. Any unexpected behaviour or crashes can indicate bugs or security flaws that need to be addressed.
Mutation-based Fuzzers
This type of fuzzer takes existing data and modifies it in a predetermined way to create test cases. It is the most common type of fuzzer and works well for data that consists of simple blocks of data. Mutations might include changing values, removing bytes, or adding bytes.
Generation-based Fuzzers
This type of fuzzer creates new data from scratch, using algorithms or rules to create meaningful test cases. These fuzzers are better suited for data that has to be generated from scratch, such as images or audio.
Protocol-based Fuzzers
This type of fuzzer is used to test protocols. It sends requests to the application based on specifications and checks the responses. It can be used to detect various vulnerabilities such as buffer overflows or SQL injection.
State-based Fuzzers
This type of fuzzer is used to test applications that have a state. It simulates user interactions, such as navigating through menus, so it can detect errors or vulnerabilities.
Model-based Fuzzers
This type of fuzzer uses models to construct test cases. These models can be based on the application structure, or they can be based on known attack patterns.
Coverage-based Fuzzers
This type of fuzzer is used to test for code coverage. It runs the application with different inputs and records the areas of code that were executed. It can be used to detect areas of the application that are not being tested.
Grammar-based Fuzzers
This type of fuzzer uses grammar to generate test cases. It is used to test applications that accept structured inputs, such as XML or JSON.
Should not be a stand-alone solution
Fuzzing can also be used in conjunction with other testing techniques, such as static analysis and dynamic analysis. Static analysis involves analysing the source code of a program for potential bugs or security flaws. Dynamic analysis involves monitoring the program as it executes and observing its behaviour. Combining fuzzing with these other testing techniques can provide a more comprehensive picture of the vulnerabilities or bugs in a program.
Overall, fuzzing is an important tool for developers and security professionals to use when testing software. It can help uncover potential bugs and security flaws that may otherwise go unnoticed. When combined with other testing techniques, fuzzing can be an effective way to ensure software is secure and reliable.
Yes please... tell me more!
If you are interested to learn more specifics about fuzzing, the following are some of the popular open-source fuzzers:
AFL (American Fuzzy Lop)
AFL is a popular open-source fuzzer created by Michal Zalewski. It is an evolutionary fuzzing tool which uses genetic algorithms to mutate test cases and identify new input that can trigger new code paths and bugs.
Peach Fuzzer
Peach Fuzzer is an open-source fuzzer that supports both generation and mutation-based fuzzing. It is a platform-independent fuzzing tool that can be used to test both applications and protocols.
SPIKE Fuzzer
SPIKE Fuzzer is an open-source fuzzer developed by Immunity Security. It is a protocol-oriented fuzzer that can be used to fuzz network applications. SPIKE Fuzzer is capable of running on Windows and Linux platforms.
BooFuzz
BooFuzz is a fork of Sulley Fuzzer, an open-source fuzzer developed by Pedram Amini. It is a protocol-oriented fuzzer that can be used to fuzz any type of network protocol and is capable of automatically generating test cases.
JSFuzz
JSFuzz is an open-source coverage-guided fuzzer for testing javascript and nodejs packages. Its logic is heavily based on go-fuzz developed by Dmitry Vyukov, which itself is based on Michal Zalewski AFL.
Now go forth and get yourself that fuzzy feeling
The list above is by no means exhaustive, and there are always plenty of new fuzzers being launched. However, the above is a good starting point for learning about the different types of fuzzers and how they can help you increase your security.
Stay up-to-speed on the very latest trends and analysis in cybersecurity trends with a free subscription to Reflare's biweekly research newsletter. You can also explore some of our related articles to learn more.
Share this
- December 2024 (1)
- November 2024 (1)
- October 2024 (1)
- September 2024 (1)
- August 2024 (1)
- July 2024 (1)
- June 2024 (1)
- April 2024 (2)
- February 2024 (1)
- January 2024 (1)
- December 2023 (1)
- November 2023 (1)
- October 2023 (1)
- September 2023 (1)
- August 2023 (1)
- July 2023 (1)
- June 2023 (2)
- May 2023 (2)
- April 2023 (3)
- March 2023 (4)
- February 2023 (3)
- January 2023 (5)
- December 2022 (1)
- November 2022 (2)
- October 2022 (1)
- September 2022 (11)
- August 2022 (5)
- July 2022 (1)
- May 2022 (3)
- April 2022 (1)
- February 2022 (4)
- January 2022 (3)
- December 2021 (2)
- November 2021 (3)
- October 2021 (2)
- September 2021 (1)
- August 2021 (1)
- June 2021 (1)
- May 2021 (14)
- February 2021 (1)
- October 2020 (1)
- September 2020 (1)
- July 2020 (1)
- June 2020 (1)
- May 2020 (1)
- April 2020 (2)
- March 2020 (1)
- February 2020 (1)
- January 2020 (3)
- December 2019 (1)
- November 2019 (2)
- October 2019 (3)
- September 2019 (5)
- August 2019 (2)
- July 2019 (3)
- June 2019 (3)
- May 2019 (2)
- April 2019 (3)
- March 2019 (2)
- February 2019 (3)
- January 2019 (1)
- December 2018 (3)
- November 2018 (5)
- October 2018 (4)
- September 2018 (3)
- August 2018 (3)
- July 2018 (4)
- June 2018 (4)
- May 2018 (2)
- April 2018 (4)
- March 2018 (5)
- February 2018 (3)
- January 2018 (3)
- December 2017 (2)
- November 2017 (4)
- October 2017 (3)
- September 2017 (5)
- August 2017 (3)
- July 2017 (3)
- June 2017 (4)
- May 2017 (4)
- April 2017 (2)
- March 2017 (4)
- February 2017 (2)
- January 2017 (1)
- December 2016 (1)
- November 2016 (4)
- October 2016 (2)
- September 2016 (4)
- August 2016 (5)
- July 2016 (3)
- June 2016 (5)
- May 2016 (3)
- April 2016 (4)
- March 2016 (5)
- February 2016 (4)