[转载]Fuzzing Tools and Papers
信息来源:邪恶八进制信息安全团队([url]www.eviloctal.com[/url])As well as other related resources.
What's this?
I'm sort of sick of the topic (although I'm obviously still "active" in it), but when I was at Cisco, I wrote a couple of binary protocol fuzzing frameworks:
one in Python, called pif ,that had a crude flat-file description lage and was mentioned in a Black Hat presentation. While I'm at it, the implementations it found problems in were IOS, Foundry, and gated (in OpenBSD, no doubt) Cisco fixed the problems, OpenBSD did a silent upgrade (yanking the gated package from ports within a day of reporting the problem), and who knows what Foundry ever did!?
another in C# that had a nice XML protocol description language and used ADO.NET -- C# rocks!
Both of these will never be finished nor will they ever see the light of day. Sob! Sob!
Most of my time right now is focused on SCADA Protocols although I'm working on a web form fuzzer, because I didn't like the built-in capabalities of the Open source tools and I didn't want to mess with Beanshell (on WebScarab)
There is now a fuzzing mailing list started by Gadi Evron that you might want to subscribe to.
But nevertheless here are some links to tools and articles.
[url]http://www.threatmind.net/secwiki/FuzzingTools[/url]
页:
[1]