Fuzzing

Why Fuzzware?

Fuzzware was designed to be a convenient and flexible tool for testing software. Specifically Fuzzware is a fuzzing tool, so it tests software by creating negative, mutated, malformed or malicious testcases.

The are many fuzzing tools available online, some are very specific while others are like Fuzzware, a generic framework. However Fuzzware has some features that are not shared by all the other frameworks:

  1. Fuzzware can automatically convert the data format to be fuzzed into XML. Most fuzzing frameworks require you to manually convert an example of the data format (known as the template) into a form the fuzzing framework understands. Given an XSD file describing the data format, Fuzzware can automatically convert it to XML. This process is sometimes limited by complicated data formats or badly defined XSD files. Fuzzware comes with numerous examples showing how this process works and detailed help documentation is available on this site.
  2. Fuzzware separates the data from its definition. Most fuzzing frameworks use one file that contains the data, the data format and how the data format will be fuzzed. Fuzzware uses separate files for the data (XML file) the data format (XSD file) and how they are fuzzed (configuration files). Since data formats are often complicated and no one file represents all aspects of the format, this separation minimises the work required to test all aspects of a data format.
  3. Fuzzware uses standardised language to describe the data format. Most fuzzing frameworks invent their own language or format for describing data and its types and structures. Fuzzware uses XML and XSD files, a standardised format that any tool or API for XML or XSD will be able to read. If you are already comfortable with XML and XSD then using Fuzzware will be easy, otherwise there is a vast amount of information and tutorials (XML, XSD) available online.
Here are some other features of Fuzzware
  • Can fuzz file formats, network packets (including those saved in PDML format from Wireshark, Web Services (given a WSDL file) and ActiveX controls.
  • Fuzzware can be extended using .Net to allow for completely custom input.
  • Can output testcases to a directory, send them over a network, run an executable on them, send them to a Web Service or as script invoking an ActiveX control.
  • Fuzzware can be extended using .Net to allow for completely custom output.
  • Uses different fuzzing techniques for Strings, Integers, Decimals and Byte type data, giving a total of 21 different types of fuzzing techniques for data types.
  • Supports fuzzing data structures by manipulating the number of times particular data structures occur and their order.
  • When fuzzing XML, XML attributes are fuzzed just like XML node data and special occurrence fuzzing is applied to them.
  • Default values for use with the different fuzzing techniques are given but these are completely customisable. Some fuzzing techniques create random values for use.
  • The fuzzing techniques can be individualised for specific parts of the data format.
  • Comes with its own debugger that can be used as either a post-mortem debugger or be used to run executables in. Any crash dump of any crashes is saved to file along with the testcase that caused it.
  • The Event Log can be monitored for lists of keywords either locally or remotely.
  • Monitoring of process terminating either locally or remotely is also supported.
  • Fuzzware is completely stateful, supporting both start states and end states and so every testcase has a unique state that can be reproduced individually.
  • There is a test mode to check the input and output configuration of Fuzzware, and optionally a binary comparison with a file can be performed to ensure the output is a perfect copy of the input.
 
 
  Design by guenstige.shop-stadt.de & windows forum