The most difficult challenges are faced when a protocol contains dependencies among fields. In such cases, changing only one field is likely to result in an invalid message being sent from the fuzzer to the server. A common example of such dependencies is embedded length fields, as seen in this simple HTTP POST request:
POST /cgi-bin/login.pl HTTP/1.1
Host: gimme.money.com
Connection: close
User-Agent: Mozilla/6.0
Content-Length: 29
Content-Type: application/x-www-form-urlencoded

user=smith&password=smithpass
Gray Hat Hacking: The Ethical Hacker's Handbook
352
In this case, if you want to fuzz the user field, then each time you change the length of the user value, you must be sure to update the length value associated with the Content-Length header. This somewhat complicates fuzzer development, but it must be properly handled so that your messages are not rejected outright by the server simply for violating the expected protocol.
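To make the dependency concrete, here is an added Python example (not from the book and not SPIKE code) that rebuilds the POST request above while recomputing Content-Length from the body on every mutation of the user field, alongside a checker of the kind a server applies before rejecting a mismatched message. The host, path and sample values are taken from the request above; the fuzzed lengths are constructed for illustration.

```python
# Added example (not from the book): derive Content-Length from the body on
# every mutation instead of leaving it as a literal that goes stale when the
# user field changes length.
from urllib.parse import urlencode


def build_login_request(user: str, password: str) -> bytes:
    """Assemble the HTTP/1.1 POST shown in the text with a correct Content-Length."""
    body = urlencode({"user": user, "password": password}).encode()
    headers = [
        "POST /cgi-bin/login.pl HTTP/1.1",
        "Host: gimme.money.com",
        "Connection: close",
        "User-Agent: Mozilla/6.0",
        f"Content-Length: {len(body)}",          # recomputed, never hard-coded
        "Content-Type: application/x-www-form-urlencoded",
    ]
    return "\r\n".join(headers).encode() + b"\r\n\r\n" + body


def content_length_consistent(request: bytes) -> bool:
    """Server-side style check: does the declared Content-Length match the body?"""
    head, _, body = request.partition(b"\r\n\r\n")
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            return int(value.strip()) == len(body)
    return False                                  # no length header at all


def fuzz_user_field(lengths=(1, 29, 300)) -> list:
    """Mutate the user value (constructed lengths) and return (user length,
    body length) pairs; every generated message passes the consistency check."""
    results = []
    for n in lengths:
        req = build_login_request("A" * n, "smithpass")
        assert content_length_consistent(req)
        results.append((n, len(req.partition(b"\r\n\r\n")[2])))
    return results
```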
SPIKE
SPIKE is a fuzzer creation toolkit/API developed by Dave Aitel of Immunity, Inc. SPIKE
provides a library of C functions for use by fuzzer developers. Only Dave would call SPIKE
pretty, but it was one of the early efforts to simplify fuzzer development by providing
buffer construction primitives useful in many fuzzing situations.