Fuzzing

Fuzzing Techniques

Some general points on the different fuzzing techniques:

Fuzzing techniques that use randomness
The state for a random fuzzing technique is something like pfx-target-0-RandomInteger-628659283 (for the RandomInteger fuzzing technique) . The fuzz index (the 628659283) can be used to uniquely recreate that test value. However, for a run of 100 random integers, to recreate exactly the same sequence of random values you have to specify a Start State and use the same first fuzz index that was originally used, this value can be found in the log file. Note, the State for a fuzzing technique that uses randomness gives no information of what the current count is out the total number of random testcases the technique will try.

When specifying a Range
Some fuzzing techniques allow you to specify a range, and if you look at the FuzzIndex (the last number) of the state's of the output testcases you will note that they generally do not begin at 0 (the Range Start Index is greater than 0). This is because Fuzzware actually goes through all the possible state and only create those that are within the specified range. For instance, if the Start Index was specified as 10, Fuzzware would still start at position 0, it will just skip the 0 position state when it determines it is not within the specified Range, likewise with the other ranges below position 10.

This is important to appreciate that if are fuzzing a large node of data and specifying to only fuzz the end of the data, Fuzzware may spend a considerable amount of processor time getting to that first state that is within the Range specified.

 
 
  Design by guenstige.shop-stadt.de & windows forum