Five arguments are required to run generic_send_tcp: the
host to be fuzzed, the port to be fuzzed, the filename of the spike script, information on
whether any fuzzing variables should be skipped, and whether any states of each fuzzing
variable should be skipped. These last two values allow you to jump into the middle of a
fuzzing session, but for our purposes, set them to zero to indicate that you want all variables
fuzzed and every possible value used for each variable. Thus the following command
line would cause demo.spk to be executed:
# ./generic_send_tcp gimme.money.com 80 demo.spk 0 0
If the web server at gimme.money.com had difficulty parsing the strings thrown at it
in the user and password fields, then you might expect generic_send_tcp to report errors
encountered while reading or writing to the socket connecting to the remote site.
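To make the meaning of the last two command-line arguments concrete, here is an added Python model (not SPIKE's own code) of how a run walks a script's fuzz variables and fuzz strings; the iteration order (every string for every variable, with strings restarting at 0 whenever the variable advances) is my reading of generic_send_tcp.c and is an assumption, and the variable names, fuzz-string table and request template are constructed stand-ins.

```python
"""Model of generic_send_tcp's SKIPVAR / SKIPSTR arguments.

Added illustration, not SPIKE's own code. Assumption: the loop visits
every fuzz string of every fuzz variable, and the string index resets
to 0 each time the variable index advances.
"""

# Constructed stand-ins for a script's s_string_variable() slots and
# for SPIKE's built-in fuzz-string table (the real table is far larger).
VARIABLES = ["user", "password"]
FUZZ_STRINGS = ["X0", "X1", "X2", "X3"]
TEMPLATE = "user={user}&password={password}"  # constructed request body


def schedule(variables, fuzz_strings, skip_var=0, skip_str=0):
    """Yield (variable_index, string_index) pairs in the order a run
    started with SKIPVAR=skip_var SKIPSTR=skip_str would send them.

    skip_var = skip_str = 0 means: every variable, every string.
    """
    if not 0 <= skip_var < len(variables):
        raise ValueError("SKIPVAR out of range")
    if not 0 <= skip_str < len(fuzz_strings):
        raise ValueError("SKIPSTR out of range")
    for v in range(skip_var, len(variables)):
        # Only the resumed variable starts mid-table; later variables
        # begin again at string 0.
        start = skip_str if v == skip_var else 0
        for s in range(start, len(fuzz_strings)):
            yield v, s


def render_case(template, variables, fuzz_strings, case):
    """Build one test case: the fuzzed variable receives the fuzz
    string, every other variable keeps a fixed default value."""
    v, s = case
    values = {name: "default" for name in variables}
    values[variables[v]] = fuzz_strings[s]
    return template.format(**values)


if __name__ == "__main__":
    full = list(schedule(VARIABLES, FUZZ_STRINGS))
    print(len(full), "cases in a '0 0' run")
    # If the server fell over on case (1, 2), '1 2' restarts there.
    for case in schedule(VARIABLES, FUZZ_STRINGS, 1, 2):
        print(case, render_case(TEMPLATE, VARIABLES, FUZZ_STRINGS, case))
```

The (variable, string) pair at which a run stopped is exactly the pair you hand back as the fourth and fifth arguments to resume it.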
If you're interested in learning more about writing SPIKE-based fuzzers, you should read
through and understand generic_send_tcp.c. It uses all of the basic SPIKE API calls in order
to provide a nice wrapper around SPIKE scripts. More detailed information on the SPIKE
API itself can only be found by reading through the spike.h and spike.c source files.
Gray Hat Hacking: The Ethical Hacker's Handbook
Chapter 14: Advanced Reverse Engineering

SPIKE Proxy
SPIKE Proxy is another fuzzing tool, developed by Dave Aitel, that performs fuzzing of
web-based applications.