The sulley fuzzing framework! (A basic example walkthrough)

Uploaded by on Oct 12, 2009

This is a short demonstration on using the Sulley fuzzing framework. I'll be fuzzing an application with a known bug (for obvious reasons...) that has already been exploited (http://packetstormsecurity.org/advisories/misc/savant.overflow.txt). I chose a basic plain-text HTTP server just for demonstration purposes. This is not a protocol fuzzing tutorial. Anyway, I've tried pretty much all of the fuzzers worth using. I decided to give this project a try and I must say I'm pretty impressed with it. It's a block-based protocol fuzzer similar to SPIKE. Seems to be a little bit more robust and a little less tedious, mainly since you don't have to recompile anything after you're done coding. It's Python-based, which isn't my primary language. (I'm a C/++ guy) I just started to finally sit down and learn some kind of fuzzing framework to automate and streamline the process of finding bugs. I've just started to get into writing exploits and need a nice fuzzer that I can start finding bugs with, so I went with Sulley. Has decent documentation, I guess. Not many examples, however. There's a couple in the "archived_fuzzies" folder though. The nice thing about it is that it has a network / process monitor with a built-in debugger that dumps wire captures as well as crash dumps. This is a pretty cheesy example but it's just to give you an idea of how it works...

Definition of fuzz testing:

http://en.wikipedia.org/wiki/Fuzz_testing

Sulley download url:

http://www.fuzzing.org/wp-content/Sulley%20Fuzzing%20Framework.exe

PDF:

http://www.fuzzing.org/wp-content/SulleyManual.pdf

This should help to get you started making your own protocol fuzzers using this wonderful framework. Enjoy :)

PLEASE RATE!

NOTE: You can now follow me on Twitter for video and project activity updates: http://twitter.com/xsploitedsec/

Uploader Comments (xsploitedsecurity)

  • Thanks for comments. Nice to know people actually enjoy my videos and can learn from them. In this case, I plan to release more in the near future. ;)

  • 5 * and subscribe

    brilliant videos

  • Thank you.

  • pretty good session.. I'm diggin it, nice work

  • @getuniquee Thanks bro :)

All Comments (11)

  • Well presented. Look forward to seeing more on your blog. Thanks! :)

  • @weekend4lust

    I wish I knew what the heck this all meant. Who did you become a computer hacker?

  • Thanks for sharing. it's really helpful.

  • Nice, thanks for this :)

  • Best tutorial to date. I'll bf that notion
