Results 1 to 3 of 3

Thread: Any Links/resource which can help me to learn browser fuzzing? Share/Save - My123World.Com!

  1. #1
    Garage Addict 41.w4r10r's Avatar
    Join Date
    Jul 2010
    Location
    Pune
    Posts
    338
    Blog Entries
    3

    Any Links/resource which can help me to learn browser fuzzing?

    [Q] Any Links/resource which can help me to learn browser fuzzing?

    Ans: Yes there are lots of links,resources available on web you need to use google properly. some of the quick guides can be:

    https://code.google.com/p/browsersec/wiki/Main

    https://docs.google.com/viewer?a=v&p...gyYmUyYWY3MWQy

    https://sites.google.com/site/tentac...-level-2-and-3

    https://www.squarefree.com/categories/fuzzing/

  2. #2
    ... I am no Expert b0nd.g4h@gmail.com b0nd's Avatar
    Join Date
    Jul 2010
    Location
    irc.freenode.net #g4h
    Posts
    744
    Learning Exploitation with FSExploitMe


    http://blog.opensecurityresearch.com...exploitme.html


    Lesson 1 - Learning WinDBG
    Lesson 1 is entirely dedicated to WinDBG since it is so important to the whole exploitation process. The questions will require you to set breakpoints, dig into memory, and execute some common commands to obtain answers.


    Lesson 2 - Stack-Based Overflow
    Lesson 2 is focused around exploiting a basic stack-based overflow. The questions require you to understand how the stack operates, how to triage a stack-based overflow and finally how to exploit the condition. The first round walks you through the exploitation, the second is a bit harder - there is no walkthrough and it requires the use of IDA.


    Lesson 3 - Use-After-Free on the Heap
    Lesson 3 walks you through a use-after-free vulnerability on the heap. The questions help you understand how data is stored on the heap, how virtual function tables and pointers are structured, how to triage a use-after-free and finally how to exploit it. This very much mimics a traditional browser use-after-free and should get you on the right track when you have to tackle a real-world vulnerability.


    Upcoming Lessons
    The next few lessons that will be written will focus on bypassing exploit mitigations! Stay tuned!
    The next few lessons that will be written will focus on bypassing exploit mitigations! Stay tuned!
    [*] To follow the path: look to the master, follow the master, walk with the master, see through the master,
    ------> become the master!!! <------
    [*] Everyone has a will to WIN but very few have the will to prepare to WIN
    [*] Invest yourself in everything you do, there's fun in being serious

  3. #3
    ... I am no Expert b0nd.g4h@gmail.com b0nd's Avatar
    Join Date
    Jul 2010
    Location
    irc.freenode.net #g4h
    Posts
    744

    Few active fuzzers available online

    Fileja (released in Aug 2014):
    https://sites.google.com/site/tentac.../fileja-fuzzer

    The same author release 'nduja' in 2013:
    https://sites.google.com/site/tentac...-level-2-and-3

    Grab the source code & play with it.

    Cheers1
    [*] To follow the path: look to the master, follow the master, walk with the master, see through the master,
    ------> become the master!!! <------
    [*] Everyone has a will to WIN but very few have the will to prepare to WIN
    [*] Invest yourself in everything you do, there's fun in being serious

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •