
Shon Harris, Allen Harper, Chris Eagle, and Jonathan Ness

"Gray Hat Hacking, Second Edition"


Chapter 14: Advanced Reverse Engineering
349
PART IV
Also, the differences between ASCII and non-ASCII protocols make it more than a trivial task to port a fuzzer from one application domain to another.

NOTE The Hypertext Transfer Protocol (HTTP) is an ASCII-based protocol described in RFC 2616. SSH is a binary protocol described in various Internet-Drafts. RFCs and Internet-Drafts are available online at www.ietf.org.
Instrumented Fuzzing Tools and Techniques
Fuzzing should generally be performed with some form of instrumentation in place. The goal of fuzzing is to induce an observable error condition in a program. Tools such as memory monitors and debuggers are ideally suited for use with fuzzers. For example, valgrind will report when a fuzzer has caused a program executing under valgrind control to overflow a heap-allocated buffer. Debuggers will usually catch the fault induced when an invalid memory reference is made as a result of fuzzer-provided input. Following the observation of an error, the difficult job of determining whether the error is exploitable really begins. Exploitability determination will be discussed in the next chapter.
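The harness below is an added example, not code from the book or its authors. It shows the instrumentation loop the paragraph describes: each mutated input is fed on stdin to a target program running under valgrind, and the run is then classified from two observable signals, memcheck's "Invalid read/write" lines and ERROR SUMMARY count (heap misuse that valgrind reports) and a death-by-signal exit status (the fault a debugger would catch). The target path, the `--error-exitcode=99` choice, and the sample valgrind output are assumptions constructed for the example; the regular expressions match the line shapes memcheck actually prints.

```python
"""Instrumented mutation-fuzzing harness (added example, not from the book)."""
import random
import re
import signal
import subprocess
from dataclasses import dataclass

# Memcheck lines that mark an out-of-bounds access, e.g. a heap buffer overflow.
VALGRIND_FINDING = re.compile(r"^==\d+== (Invalid (?:read|write) of size \d+)$")
# Final tally memcheck prints when the target exits normally.
VALGRIND_SUMMARY = re.compile(r"^==\d+== ERROR SUMMARY: (\d+) errors")

# Constructed sample of what memcheck prints for a one-byte heap overflow.
SAMPLE_VALGRIND_STDERR = """\
==4242== Memcheck, a memory error detector
==4242== Invalid write of size 1
==4242==    at 0x1091A3: parse_record (target.c:17)
==4242==    by 0x10921F: main (target.c:31)
==4242==  Address 0x4a5a048 is 0 bytes after a block of size 8 alloc'd
==4242== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
"""


def classify_valgrind(stderr: str) -> dict:
    """Pull memcheck findings and the reported error count out of valgrind's stderr."""
    findings, errors = [], 0
    for line in stderr.splitlines():
        m = VALGRIND_FINDING.match(line)
        if m:
            findings.append(m.group(1))
        m = VALGRIND_SUMMARY.match(line)
        if m:
            errors = int(m.group(1))
    return {"errors": errors, "findings": findings}


def classify_run(returncode: int, stderr: str) -> str:
    """Turn one run's exit status plus valgrind output into a triage label."""
    if returncode < 0:
        # subprocess reports death-by-signal as a negative return code; this is
        # the same fault a debugger attached to the target would stop on.
        try:
            return "crash:" + signal.Signals(-returncode).name
        except ValueError:
            return f"crash:signal{-returncode}"
    report = classify_valgrind(stderr)
    if report["errors"] > 0 or report["findings"]:
        return "memory-error"
    return "clean"


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Apply exactly one byte-level mutation: replace, insert, or delete."""
    data = bytearray(seed)
    op = rng.choice(("replace", "insert", "delete")) if data else "insert"
    if op == "replace":
        data[rng.randrange(len(data))] = rng.randrange(256)
    elif op == "insert":
        data.insert(rng.randrange(len(data) + 1), rng.randrange(256))
    else:
        del data[rng.randrange(len(data))]
    return bytes(data)


def make_cases(seed: bytes, count: int, rng_seed: int = 0) -> list:
    """Deterministically derive COUNT test cases from SEED (reproducible runs)."""
    rng = random.Random(rng_seed)
    return [mutate(seed, rng) for _ in range(count)]


@dataclass
class Observation:
    label: str
    data: bytes
    stderr: str


def run_under_valgrind(target: str, data: bytes, timeout: float = 10.0) -> Observation:
    """Feed DATA to the hypothetical TARGET binary on stdin under valgrind.

    --error-exitcode=99 (an assumed value) makes valgrind exit non-zero when it
    found errors, so the harness also works when driven from a shell loop.
    """
    proc = subprocess.run(["valgrind", "--error-exitcode=99", target],
                          input=data, capture_output=True, timeout=timeout)
    stderr = proc.stderr.decode("utf-8", "replace")
    return Observation(classify_run(proc.returncode, stderr), data, stderr)


def fuzz(target: str, seed: bytes, iterations: int, rng_seed: int = 0) -> list:
    """Run every derived case and keep the ones whose run was not clean."""
    return [obs for case in make_cases(seed, iterations, rng_seed)
            if (obs := run_under_valgrind(target, case)).label != "clean"]


if __name__ == "__main__":
    import sys
    print("sample classified as:", classify_run(99, SAMPLE_VALGRIND_STDERR))
    if len(sys.argv) > 1:  # python harness.py ./target
        for obs in fuzz(sys.argv[1], b"GET / HTTP/1.1\r\n\r\n", 200):
            print(obs.label, obs.data)
```

Inputs that produced a "memory-error" or "crash:*" label are the ones worth saving for the exploitability analysis the text defers to the next chapter; keeping the raw stderr alongside the input preserves the stack trace valgrind printed at the moment of the fault.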
A variety of fuzzing tools exist in both the open source and the commercial world.