These tools range from stand-alone fuzzers to fuzzer development environments. In this
chapter, we will discuss the basic approach to fuzzing, as well as introduce a fuzzer
development framework. Chapters 15 and 17 will cover several more recent fuzzing
tools including fuzzers tailored to specific application domains.
A Simple URL Fuzzer
As an introduction to fuzzers, we will look at a simple program for fuzzing web servers.
Our only goal is to grow a long URL and see what effect it has on a target web server. The
following program is not at all sophisticated, but it demonstrates several elements common
to most fuzzers and will assist in understanding more advanced examples:
/*
 * simple_http_fuzzer.c
 */
#include <stdio.h>       //fprintf
#include <stdlib.h>      //exit
#include <string.h>      //memset
#include <sys/socket.h>  //socket API
#include <netinet/in.h>  //struct sockaddr_in

//maximum length to grow our url
#define MAX_NAME_LEN 2048
//max strlen of a valid IP address + null
#define MAX_IP_LEN 16
//static HTTP protocol content into which we insert fuzz string
char request[] = "GET %*s.html HTTP/1.1\r\nHost: %s\r\n\r\n";

int main(int argc, char **argv) {
    //buffer to build our long request
    char buf[MAX_NAME_LEN + sizeof(request) + MAX_IP_LEN];
    //server address structure
    struct sockaddr_in server;
    int sock, len, req_len;
    if (argc != 2) { //require IP address on the command line
        fprintf(stderr, "Missing server IP address\n");
        exit(1);
    }
    memset(&server, 0, sizeof(server)); //clear the address info
    server.

Gray Hat Hacking: The Ethical Hacker's Handbook
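An added example, not from the book: the listing is cut off before the request is formatted, so this sketch assumes the name field is filled with 'A' characters (build_request and check_all_lengths are hypothetical helpers). It formats the listing's request template offline for every length up to MAX_NAME_LEN and confirms the result always fits the buffer size the listing declares, with no network access.

```c
#include <stdio.h>
#include <string.h>

#define MAX_NAME_LEN 2048   /* from the listing */
#define MAX_IP_LEN 16       /* from the listing */

/* request template from the listing */
static const char request[] = "GET %*s.html HTTP/1.1\r\nHost: %s\r\n\r\n";

/* Fixed bytes around the two fields: template length minus "%*s" and "%s". */
#define OVERHEAD (sizeof(request) - 1 - 3 - 2)

/* Hypothetical helper (assumption): format one request whose name is `len`
 * 'A' characters. Returns bytes written, or -1 on bad input or truncation. */
int build_request(char *buf, size_t cap, int len, const char *host) {
    char name[MAX_NAME_LEN + 1];
    int n;
    if (len < 1 || len > MAX_NAME_LEN || strlen(host) >= MAX_IP_LEN)
        return -1;
    memset(name, 'A', (size_t)len);
    name[len] = '\0';
    n = snprintf(buf, cap, request, len, name, host);
    if (n < 0 || (size_t)n >= cap)   /* snprintf reports truncation via n >= cap */
        return -1;
    return n;
}

/* Hypothetical helper: build every length from 1 to MAX_NAME_LEN into a buffer
 * sized as in the listing; return how many results had an unexpected size. */
int check_all_lengths(const char *host) {
    char buf[MAX_NAME_LEN + sizeof(request) + MAX_IP_LEN];
    int len, bad = 0;
    for (len = 1; len <= MAX_NAME_LEN; len++) {
        int n = build_request(buf, sizeof(buf), len, host);
        if (n != len + (int)OVERHEAD + (int)strlen(host))
            bad++;
    }
    return bad;
}

int main(void) {
    /* 192.0.2.1 is a constructed sample (RFC 5737 documentation address) */
    printf("mismatches: %d\n", check_all_lengths("192.0.2.1"));
    return 0;
}
```

Because sizeof(request) counts the format specifiers and the terminating null, the declared buffer leaves a few spare bytes even for the longest name and a 15-character address.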