SPIKE is designed to
assist in the creation of network-oriented fuzzers and supports sending data via TCP or
UDP. Additionally, SPIKE provides several example fuzzers for protocols ranging from
HTTP to Microsoft Remote Procedure Call (MSRPC). SPIKE libraries can be used to form
the foundation of custom fuzzers, or SPIKE??™s scripting capabilities can be used to rapidly
develop fuzzers without requiring detailed knowledge of C programming.
The SPIKE API centers on the notion of a ???spike??? data structure. Various API calls are
used to push data into a spike and ultimately send the spike to the application being
fuzzed. Spikes can contain static data, dynamic fuzzing variables, dynamic length values,
and grouping structures called blocks. A SPIKE ???block??? is used to mark the beginning
and end of data whose length should be computed. Blocks and their associated length
fields are created with name tags. Prior to sending a spike, the SPIKE API handles all of
the details of computing block lengths and updating the corresponding length field for
each defined block. SPIKE cleanly handles nested blocks.
We will review some of the SPIKE API calls here. The API is not covered in sufficient
detail to allow creation of stand-alone fuzzers, but the functions described can easily be
used to build a SPIKE script.
Pages:
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637