Fuzzing
Bytes

Lets imagine we have a target node of type hexBinary

<pfx:target>000102030405060708090A</pfx:target>

below are how each of the different fuzzing techniques would change this hexBinary. If the fuzzing technique does not depend on a Range , then every input corresponds to one output. If the fuzzing technique depends on a Range (whether specified or not), then every input corresponds to an output for every position in the range. In the examples below if the range is large some of the outputs have been removed for brevity (indicated by ...).

Replace bytes - At each byte position, replace bytes equal in length to the replacement value. If a range is specified do not replace bytes outside this range.

No Range

Input
Output
Example States 
 FF
 BCBC





 <pfx:target>FF0102030405060708090A</pfx:target> 
 <pfx:target>BCBC0102030405060708090A</pfx:target> 
 <pfx:target>00FF02030405060708090A</pfx:target> 
 <pfx:target>00BCBC02030405060708090A</pfx:target> 
 ...
 <pfx:target>010203040506070809FF</pfx:target> 
 <pfx:target>010203040506070809BCBC</pfx:target> 
 pfx-target-0-ReplaceBytes-0 
 pfx-target-0-ReplaceBytes-1 
 pfx-target-0-ReplaceBytes-2 
 pfx-target-0-ReplaceBytes-3 
 ...
 pfx-target-0-ReplaceBytes-19 
 pfx-target-0-ReplaceBytes-20

 

 

 

 

 

Range: Start Index = 4, Step Size = 2, Length = 4

Input
Output
Example States 
 FF
 BCBC


 <pfx:target>00010203FF05060708090A</pfx:target> 
 <pfx:target>00010203BCBC05060708090A</pfx:target> 
 <pfx:target>000102030405FF0708090A</pfx:target> 
 <pfx:target>000102030405BCBC0708090A</pfx:target> 
 pfx-target-0-ReplaceBytes-8 
 pfx-target-0-ReplaceBytes-9 
 pfx-target-0-ReplaceBytes-12 
 pfx-target-0-ReplaceBytes-13

 

 

 

 

Insert bytes - At each byte position, insert the value bytes. If a range is specified, it indicates which positions to insert values at and not the range of bytes affected.

No Range

Input
Output
Example States 
 FF
 BCBC





 <pfx:target>FF000102030405060708090A</pfx:target> 
 <pfx:target>BCBC000102030405060708090A</pfx:target> 
 <pfx:target>00FF0102030405060708090A</pfx:target> 
 <pfx:target>00BCBC0102030405060708090A</pfx:target> 
 ...
 <pfx:target>0102030405060708090AFF</pfx:target> 
 <pfx:target>0102030405060708090ABCBC</pfx:target> 
 pfx-target-0-InsertBytes-0 
 pfx-target-0-InsertBytes-1 
 pfx-target-0-InsertBytes-2 
 pfx-target-0-InsertBytes-3 
 ...
 pfx-target-0-InsertBytes-22 
 pfx-target-0-InsertBytes-23

 

 

 

 

 

 

Range: Start Index = 5, Step Size = 1, Length = 3

Input
Output
Example States 
 FF
 BCBC




 <pfx:target>0001020304FF05060708090A</pfx:target> 
 <pfx:target>0001020304BCBC05060708090A</pfx:target> 
 <pfx:target>000102030405FF060708090A</pfx:target> 
 <pfx:target>000102030405BCBC060708090A</pfx:target> 
 <pfx:target>010203040506FF0708090A</pfx:target> 
 <pfx:target>010203040506BCBC0708090A</pfx:target> 
 pfx-target-0-InsertBytes-10 
 pfx-target-0-InsertBytes-11 
 pfx-target-0-InsertBytes-12 
 pfx-target-0-InsertBytes-13 
 pfx-target-0-InsertBytes-14 
 pfx-target-0-InsertBytes-15

 

 

 

 

 

Replace with random bytes - At a randomly chosen position, a random number of bytes will be replaced with random bytes.

Flip random bit - Flip a bit at a random bit position.

XOR bytes, AND bytes, OR bytes - At each byte position, carry out the operation (XOR, AND or OR) using the fuzzing value and the node value. If a range is specified, skip any value that would change bytes outside the range.

XORBytes - No Range

Input
Output
Example States 
 11 
 F0F0 





 <pfx:target>110102030405060708090A</pfx:target> 
 <pfx:target>F0F102030405060708090A</pfx:target> 
 <pfx:target>001002030405060708090A</pfx:target> 
 <pfx:target>00F1F2030405060708090A</pfx:target> 
 ...
 <pfx:target>0102030405060708F9AF</pfx:target> 
 <pfx:target>0102030405060708091B</pfx:target> 
 pfx-target-0-XORBytes-0 
 pfx-target-0-XORBytes-1 
 pfx-target-0-XORBytes-2 
 pfx-target-0-XORBytes-3 
 ...
 pfx-target-0-XORBytes-19 
 pfx-target-0-XORBytes-20

 

 

 

 

 

ANDBytes - No Range

Input
Output
Example States 
 11 
 F0F0 





 <pfx:target>000102030405060708090A</pfx:target> 
 <pfx:target>000002030405060708090A</pfx:target> 
 <pfx:target>000102030405060708090A</pfx:target> 
 <pfx:target>000000030405060708090A</pfx:target> 
 ...
 <pfx:target>01020304050607080000</pfx:target> 
 <pfx:target>01020304050607080900</pfx:target> 
 pfx-target-0-ANDBytes-0 
 pfx-target-0-ANDBytes-1 
 pfx-target-0-ANDBytes-2 
 pfx-target-0-ANDBytes-3 
 ...
 pfx-target-0-ANDBytes-19 
 pfx-target-0-ANDBytes-20

 

 

 

 

 

ORBytes - No Range

Input
Output
Example States 
 11 
 F0F0 





 <pfx:target>110102030405060708090A</pfx:target> 
 <pfx:target>F0F102030405060708090A</pfx:target> 
 <pfx:target>000102030405060708090A</pfx:target> 
 <pfx:target>000000030405060708090A</pfx:target> 
 ...
 <pfx:target>01020304050607080000</pfx:target> 
 <pfx:target>01020304050607080900</pfx:target> 
 pfx-target-0-ORBytes-0 
 pfx-target-0-ORBytes-1 
 pfx-target-0-ORBytes-2 
 pfx-target-0-ORBytes-3 
 ...
 pfx-target-0-ORBytes-19 
 pfx-target-0-ORBytes-20

 

 

 

 

 

 
 
 
  Design by guenstige.shop-stadt.de & windows forum