Fuzz

Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failing built-in code assertions, or potential memory leaks. Typically, fuzzers are used to test programs that take structured inputs. This structure is specified, e.g., in a file format or protocol and distinguishes valid from invalid input. An effective fuzzer generates semi-valid inputs that are “valid enough” in that they are not directly rejected by the parser, but do create unexpected behaviors deeper in the program and are “invalid enough” to expose corner cases that have not been properly dealt with.

For the purpose of security, input that crosses a trust boundary is often the most interesting. For example, it is more important to fuzz code that handles the upload of a file by any user than it is to fuzz the code that parses a configuration file that is accessible only to a privileged user.

https://en.wikipedia.org/wiki/Fuzzing

Fuzzer tool

1. Windows PE file fuzzing
2. Dumb fuzzer (no knowledge of the PE format; it mutates sample files)
3. Customizable test cases (sample files)
4. GUI interface using PyQt
5. Message box notification when a crash is detected
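The loop the feature list describes (take a sample file, mutate it blindly, run the target, flag anything that blows up), as an added Python 3 example that is not part of this tool's code. The sample PE image is constructed inline and stands in for a file from the sample folder; parse_pe is a hypothetical in-process target that stands in for the binary the tool launches under pydbg, and an uncaught exception plays the role of the access violation pydbg would report. The mutator skips the MZ magic, e_lfanew and the PE signature so every case is "valid enough" to get past the target's up-front checks, which is the point made in the introduction about semi-valid input.

```python
import random
import struct

# Sizes from the PE/COFF layout used below.
DOS_HEADER_LEN = 64           # e_lfanew sits at offset 0x3C of the DOS header
COFF_HEADER_LEN = 20          # IMAGE_FILE_HEADER, follows the 4-byte "PE\0\0"
SECTION_HEADER_LEN = 40       # IMAGE_SECTION_HEADER
INTERESTING16 = (0x0000, 0x7FFF, 0x8000, 0xFFFF)
INTERESTING32 = (0x00000000, 0x7FFFFFFF, 0x80000000, 0xFFFFFFFF)


def build_sample():
    """Constructed minimal PE image (not a real binary): DOS header, COFF header,
    PE32 optional header, two section headers and 32 bytes of section data."""
    e_lfanew = DOS_HEADER_LEN
    opt_size = 0xE0
    dos = bytearray(DOS_HEADER_LEN)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, opt_size, 0x102)
    optional = b"\x0b\x01" + b"\x00" * (opt_size - 2)      # PE32 magic, rest zeroed
    raw_ptr = e_lfanew + 4 + COFF_HEADER_LEN + opt_size + 2 * SECTION_HEADER_LEN
    sections = b""
    for i, (name, size) in enumerate(((b".text", 16), (b".data", 16))):
        sections += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), size,
                                0x1000 * (i + 1), size, raw_ptr, 0, 0, 0, 0, 0x60000020)
        raw_ptr += size
    return bytes(dos) + b"PE\x00\x00" + coff + optional + sections + b"\xCC" * 16 + b"\x00" * 16


def parse_pe(data):
    """Hypothetical target: returns [(section name, raw bytes)]. It rejects bad
    signatures up front (ValueError) but then trusts every count and size it
    reads, so a malformed header makes it read past the end of the buffer."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    sec_off = e_lfanew + 4 + COFF_HEADER_LEN + opt_size
    sections = []
    for i in range(nsec):                      # nsec is never validated
        name, _, _, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", data, sec_off + i * SECTION_HEADER_LEN)   # struct.error past EOF
        sections.append((name.rstrip(b"\0"), data[raw_ptr:raw_ptr + raw_size]))
    return sections


def protected_ranges(sample):
    """Byte ranges the mutator leaves alone so a case is not rejected outright:
    the MZ magic, e_lfanew, and the PE signature it points to."""
    e_lfanew = struct.unpack_from("<I", sample, 0x3C)[0]
    return ((0, 2), (0x3C, 0x40), (e_lfanew, e_lfanew + 4))


def mutate(sample, rng, max_ops=4):
    """Dumb mutation: no PE grammar, just bit flips, boundary integers and
    truncation at random offsets outside the protected ranges."""
    data = bytearray(sample)
    ranges = protected_ranges(sample)
    keep = max(end for _, end in ranges)       # never truncate into a signature
    for _ in range(rng.randint(1, max_ops)):
        op = rng.choice(("flip", "int16", "int32", "truncate"))
        if op == "truncate":
            if len(data) > keep + 1:
                del data[rng.randint(keep + 1, len(data) - 1):]
            continue
        width = {"flip": 1, "int16": 2, "int32": 4}[op]
        if len(data) < width:
            continue
        off = rng.randrange(len(data) - width + 1)
        if any(off < end and off + width > start for start, end in ranges):
            continue                           # would damage a signature; skip this op
        if op == "flip":
            data[off] ^= 1 << rng.randrange(8)
        elif op == "int16":
            struct.pack_into("<H", data, off, rng.choice(INTERESTING16))
        else:
            struct.pack_into("<I", data, off, rng.choice(INTERESTING32))
    return bytes(data)


def run_case(target, data):
    """Run one case. A ValueError is the target rejecting input on purpose;
    any other exception is the in-process analogue of an access violation."""
    try:
        target(data)
        return "ok", None
    except ValueError as exc:
        return "rejected", exc
    except Exception as exc:
        return "crash", exc


def fuzz(sample, target, iterations, seed=0):
    """Mutate the sample `iterations` times; return [(index, case, error)] for crashes."""
    rng = random.Random(seed)
    crashes = []
    for i in range(iterations):
        case = mutate(sample, rng)
        status, exc = run_case(target, case)
        if status == "crash":
            crashes.append((i, case, repr(exc)))
    return crashes


if __name__ == "__main__":
    found = fuzz(build_sample(), parse_pe, iterations=1000, seed=1)
    print("%d crashing cases out of 1000" % len(found))
    for idx, case, err in found[:3]:
        print("case %d: len=%d %s" % (idx, len(case), err))
```

Rejections are counted separately from crashes on purpose: a case that fails the signature check says nothing about the code behind it, and a fuzzer whose cases are mostly rejected is wasting iterations. In the real tool the in-process target would be replaced by launching the binary under pydbg with the mutated file as its argument, and a crashing case would be saved to disk so it can be replayed.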

Required installation

  • For compatibility with Python 2.7.x, modify the ctypes __init__.py file.

PATH: C:\Python27\Lib\ctypes\__init__.py

######################################################################
#  This file should be kept compatible with Python 2.3, see PEP 291. #
######################################################################
"""create and manipulate C data types in Python"""

import os as _os, sys as _sys

__version__ = "1.1.0"

from _ctypes import Union, Structure, Array
from _ctypes import _Pointer
from _ctypes import CFuncPtr as _CFuncPtr
from _ctypes import __version__ as _ctypes_version
from _ctypes import RTLD_LOCAL, RTLD_GLOBAL
from _ctypes import ArgumentError

from _ctypes import Structure as _ctypesStructure       # Add for Paimei
from struct import calcsize as _calcsize
class Structure (_ctypesStructure): pass                # Add for Paimei

if __version__ != _ctypes_version:
    raise Exception("Version number mismatch", __version__, _ctypes_version)

  • After adding the two lines marked "# Add for Paimei" (lines 17 and 19 of the file), download the pydasm.pyd file rebuilt for Python 2.7.x.
  • Then copy it into the C:\Python27\Lib\site-packages\pydbg folder.

If a pydasm.pyd file already exists there, it will be overwritten.

pydbg test

import pydbg
print "Hello, pydbg!"

  • If the import succeeds and the message is printed, the installation is complete.

Options (CLI)

-t, --target : Binary to fuzz
-s, --sample : Folder containing the sample (test case) files
-h, --help : Show help

BluePrint (GUI)

./Bl-8.png

./Bl-10.png

./Bl-9.png