http://www.openrce.org/rss/feeds/blog OpenRCE: The Open Reverse Code Engineering Community Thu, 23 Jun 2005 16:30:38 -0500 https://www.openrce.org/blog/view/6/Fun_With_Fuzzing_[Day_2] dyngnosis <email-suppressed@example.com> Fuzzer: Day 2<br /> So Fuzzer-1.1 is great and we've had a lot of fun with it.. Yesterday we played with it and ran it out of the box... but to disover your own 0day you need to take this puppy out of the box and play with it. We also found the found the user manual for Bullet Proof FTP manuals and found an extra set of commands that the server accepts. This is perfect new testing grounds!<br /> <br /> [SNIP]<br /> <br /> Thu, 23 Jun 2005 16:29:33 -0500 https://www.openrce.org/blog/view/5/Fun_With_Fuzzing_[Day_1] dyngnosis <email-suppressed@example.com> Fun with Fuzzing<br /> We will start with a quick definition of fuzzing and then move directly into the technical stuff.<br /> <br /> [SNIP]<br /> Fuzz testing is a software testing technique. The basic idea is to attach the inputs of a program to a source of random data. If the program fails (for example, by crashing, or by failing in-built code assertions), then there are defects to correct.<br /> <br /> The great advantage of fuzz testing is that the test design is extremely simple, and free of preconceptions about system behavior.<br /> [/SNIP]<br /> <br /> So what does that mean? Basically you use a script to automate feeding bad commands to a server and see if it fails. In my case, I