Tuesday, June 15, 2010

CERT Basic Fuzzing Framework

Hi folks. I've been involved in a fuzzing effort at CERT. One of the ways that I've been able to discover vulnerabilities is through "dumb" or mutational fuzzing: taking a valid input file, corrupting parts of it at random, and watching whether the target crashes. We have developed a framework for performing automated dumb fuzzing. Today we are releasing a simplified version of that framework, called the Basic Fuzzing Framework (BFF).

Dranzer was one of our first fuzz testing projects. By performing automated smart fuzz testing of ActiveX controls, I was able to discover thousands of vulnerabilities. Luckily, Microsoft has made some improvements to Internet Explorer to help minimize the impact of ActiveX vulnerabilities.

Another technique that I've used for discovering vulnerabilities is dumb fuzzing. Don't let the name fool you. Dumb fuzzing has the advantage of being more universal than smart fuzzing: it needs no knowledge of the input format, so the same harness works against any program that reads a file. Dranzer is limited in that it tests only ActiveX controls; with dumb fuzzing, you can switch targets easily once your fuzzing environment is in place.

The Basic Fuzzing Framework (BFF) consists of two main parts:

  1. a Linux virtual machine that has been optimized for fuzzing
  2. a set of scripts and a configuration file that orchestrate the fuzzing run
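To make the second part concrete, here is the loop that such orchestration scripts run, written as an added example rather than BFF's own code (BFF ships its scripts inside the VM and adds gdb-based crash triage on top). It assumes a target that takes a file path as its last argument, reports anything that dies by signal or hangs, and, to run offline, fuzzes a constructed stand-in target (a tiny Python script that aborts on any non-ASCII byte) with a constructed seed file; the function names, the mutation ratio and the seed are my assumptions, not BFF settings.

```python
"""Minimal mutational ("dumb") fuzzer: seed file -> corrupt bytes -> run target -> record signals/hangs.
Added example; not code from BFF. Constructed demo target and seed are embedded below."""
import hashlib
import os
import random
import signal
import subprocess
import sys
import tempfile


def mutate(data: bytes, rng: random.Random, max_ratio: float = 0.01) -> bytes:
    """Overwrite between one and max_ratio*len(data) random bytes with random values.
    The ratio is drawn per iteration so some cases stay close to the seed, others drift far."""
    buf = bytearray(data)
    count = max(1, int(len(buf) * rng.uniform(0, max_ratio)))
    for _ in range(count):
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    return bytes(buf)


def classify(returncode, timed_out: bool) -> str:
    """Verdict for one run. On POSIX a negative return code is the signal that killed
    the child (-11 == SIGSEGV, -6 == SIGABRT); a timeout is reported as a hang."""
    if timed_out:
        return "hang"
    if returncode is not None and returncode < 0:
        try:
            return signal.Signals(-returncode).name
        except ValueError:
            return "signal %d" % -returncode
    return "ok"


def run_target(cmd, testcase: bytes, workdir: str, timeout: float = 5.0) -> str:
    """Write the test case to disk, run the target on it, return the verdict."""
    path = os.path.join(workdir, "current.bin")
    with open(path, "wb") as fh:
        fh.write(testcase)
    try:
        proc = subprocess.run(cmd + [path], stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL, timeout=timeout)
    except subprocess.TimeoutExpired:
        return classify(None, True)
    return classify(proc.returncode, False)


def fuzz(cmd, seed: bytes, iterations: int, rng_seed: int = 0, workdir=None) -> dict:
    """Run the loop; return {verdict: [test cases]} for every non-"ok" outcome.
    Each interesting case is also saved under its sha1 so it can be replayed later."""
    rng = random.Random(rng_seed)                 # fixed seed makes a run reproducible
    workdir = workdir or tempfile.mkdtemp(prefix="fuzz-")
    findings = {}
    for _ in range(iterations):
        case = mutate(seed, rng)
        verdict = run_target(cmd, case, workdir)
        if verdict != "ok":
            findings.setdefault(verdict, []).append(case)
            with open(os.path.join(workdir, hashlib.sha1(case).hexdigest()), "wb") as fh:
                fh.write(case)
    return findings


# Constructed stand-in target (assumption): aborts, as a crashing parser would, on any
# byte with the high bit set. Real runs point cmd at the program under test instead.
DEMO_TARGET = """\
import os, sys
data = open(sys.argv[1], 'rb').read()
if any(b & 0x80 for b in data):
    os.abort()   # dies with SIGABRT, so the harness sees a negative return code
"""


def write_demo_target(workdir: str):
    path = os.path.join(workdir, "target.py")
    with open(path, "w") as fh:
        fh.write(DEMO_TARGET)
    return [sys.executable, path]


def demo_run(iterations: int = 40, rng_seed: int = 0) -> dict:
    """Fuzz the demo target with a constructed 32-byte seed; returns the findings dict."""
    wd = tempfile.mkdtemp(prefix="fuzz-")
    seed = b"GIF89a" + b"\x00" * 26           # constructed seed: plausible header plus padding
    return fuzz(write_demo_target(wd), seed, iterations, rng_seed=rng_seed, workdir=wd)


if __name__ == "__main__":
    for verdict, cases in demo_run().items():
        print(verdict, len(cases), "case(s) saved for replay")
```

The structure is the same one BFF's scripts automate at scale: a seed file, a mutation ratio, a target command line, and a verdict per run. What this example does not do, and BFF does, is attach a debugger to the crashing run to hash the stack and deduplicate the thousands of near-identical crashes a dumb fuzzer produces.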
