PDA

View Full Version : I need guide for Fuzzing



karthikp
12-17-2012, 09:40 PM
Does anyone have reliable guide for Fuzzing Windows network application written in Visual C++? If you have please share.

Thanks!

41.w4r10r
12-18-2012, 02:26 PM
i never found a specific guide for fuzzing windows network application specifically written in VC++.

for fuzzing what normally we do is.
under stand application
find the entry points (Input Points)
Check the Data format for inputing
write fuzzer in any language of your choice to manipulate the input data and provide it to the application if application is not validating input data properly you will get crash then further analysis starts from there.

but prior to fuzzing any application good understanding of that application is required else it will be something like aiming to target in dark without knowing the target location. ;)

m0rph
01-25-2013, 02:55 PM
Sadly, I haven't the time to write code for a VC++ app for a demo. However, I did recently post this:

Exploit Development Series - Part 3 (Fuzzing) (http://www.garage4hackers.com/f42/%5Bvideo%5D-exploit-development-series-3315.html#post9933)



The link above is a video tutorial I made on fuzzing a C app on linux with python. I made that video specifically for people that don't know alot about fuzzing. I give a lot of good information that can easily be applied to a windows environment if you have the drive to take that challenge upon yourself. Check it out! If you have any questions feel free to ask!