How fuzzers work

A simple tool designed to help out with crash analysis during fuzz testing. It selectively “un-fuzzes” portions of a fuzzed file that is known to cause a crash, re-launches the targeted application, and sees if it still crashes. Eventually, this will yield a file that still causes the crash, but contains a minimum set of changes from the original un-fuzzed file.

FuzzDiff: Tool for crash analysis during fuzz testing

How does FuzzDiff work

When provided with a fuzzed file, a corresponding original un-fuzzed file, and the path to the targeted program, FuzzDiff will selectively “un-fuzz” portions of the fuzzed file while re-launching the application to monitor for crashes. This will yield a file that still crashes the target application, but contains a minimum set of changes from the original, un-fuzzed file. This can be useful in pinning down the exact cause of a crash.

The tool is written in Python and currently only works on Unix-based systems, since it monitors for crashes by checking for SIGSEGV. It also assumes that the target program adheres to the syntax “[program] [args] [input file]”. Both of these limitations can be easily worked around. The code is hardly what I’d call production-ready, but it gets the job done.

FuzzDiff helps analyze a crash, find its root cause, and fine-tune our fuzzing method.
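The un-fuzzing loop described above, sketched as an added example (this is not FuzzDiff's own code, and the names crashes_with_sigsegv and minimize are hypothetical). It assumes the fuzzer mutated bytes in place, so both files have the same length, and it goes slightly beyond the description by reverting groups of changed bytes first and halving the group size, an ordering the page does not specify.

```python
import os
import signal
import subprocess
import tempfile


def crashes_with_sigsegv(argv, data, timeout=10):
    """Run `argv + [input file]` on data; True if the process died of SIGSEGV."""
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        try:
            proc = subprocess.run(argv + [path], stdout=subprocess.DEVNULL,
                                  stderr=subprocess.DEVNULL, timeout=timeout)
        except subprocess.TimeoutExpired:
            return False  # a hang is not the crash being minimized
        # On Unix, a negative return code is the number of the killing signal.
        return proc.returncode == -signal.SIGSEGV
    finally:
        os.unlink(path)


def minimize(original, fuzzed, crashes):
    """Un-fuzz bytes while crashes(data) stays true; return (data, needed offsets)."""
    if len(original) != len(fuzzed):
        raise ValueError("assumes in-place mutations (equal-length files)")
    if not crashes(fuzzed):
        raise ValueError("fuzzed input does not reproduce the crash")
    current = bytearray(fuzzed)
    diffs = [i for i, (a, b) in enumerate(zip(original, fuzzed)) if a != b]
    chunk = max(1, len(diffs) // 2)
    while diffs:
        kept = []
        for start in range(0, len(diffs), chunk):
            group = diffs[start:start + chunk]
            trial = bytearray(current)
            for i in group:
                trial[i] = original[i]      # un-fuzz this group
            if crashes(bytes(trial)):
                current = trial             # crash survives: changes not needed
            else:
                kept.extend(group)          # crash gone: keep these fuzzed bytes
        diffs = kept
        if chunk == 1:
            break
        chunk = max(1, chunk // 2)
    return bytes(current), diffs
```

To drive a real target, pass a predicate such as `lambda d: crashes_with_sigsegv(["./target"], d)`, where `./target` is a placeholder for the program under test.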

Download FuzzDiff Here


fm-fsf – Freakin’ Simple Fuzzer is built for web applications and data scraping. It is a plugin-based tool. You can build and add your own plugins.

OWASP fm-fsf: Web Application Fuzzer and Data Scraping tool

It supports some basic functionality and is missing some features; however, it has some advanced RegEx capturing features for scraping data out of web applications.

It’s still in an early stage of development. It’s not well tested and I developed it when I needed it, so don’t keep your hopes high.

We are all testing this tool to see whether we can include it in our white hat penetration testing framework.

Use this tool when you want the full power of RegEx for scraping data (this is quite useful while exploiting SQL injections, gathering data, looking for some hidden resource or trying to enumerate all valid “user id”s). It is simple to run, and its simplicity makes it easy to write your own fuzzing modules with simple and compact .NET code.

This tool is for advanced users or advanced fuzzers who know how to use fuzzers and want to explore more.

Tips for using fm-fsf:
Create a sqli.txt file and a directories.txt file, and remember to change the file names in the command when running it.

For beginners, try some other fuzzer and then use this one. You will have a clear idea.

To create or change the configuration of the fm-fsf fuzzer, there are two files:
1. FSF.exe.config
2. FSF.vshost.exe.config

Make changes as per your requirements and run the tool. While using it on Windows, if you get a Windows error message popup, do not panic; it is a simple error message, just choose “Don’t send”.

Download fm-fsf fuzzer here
