
Shon Harris, Allen Harper, Chris Eagle, and Jonathan Ness

"Gray Hat Hacking, Second Edition"

The tool sets itself up as a proxy between you and the website or
application you want to fuzz. By configuring a web browser to proxy through SPIKE
Proxy, you interact with SPIKE Proxy to help it learn some basic information about the
site being fuzzed. SPIKE Proxy takes care of all the fuzzing and is capable of performing
attacks such as SQL injection and cross-site scripting. SPIKE Proxy is written in Python
and can be tailored to suit your needs.
Sharefuzz
Also authored by Dave Aitel, Sharefuzz is a fuzzing library designed to fuzz set user ID
(SUID) root binaries.
NOTE A SUID binary is a program that has been granted permission to run
as a user other than the user that invokes the program. The classic example is
the passwd program, which must run as root in order to modify the system
password database.
Vulnerable SUID root binaries can provide an easy means for local privilege escalation
attacks. Sharefuzz operates by taking advantage of the LD_PRELOAD mechanism
on Unix systems. By inserting itself as a replacement for the getenv library function,
Sharefuzz intercepts all environment variable requests and returns a long string rather
than the actual environment variable value. Figure 14-4 shows a standard call to the
getenv library function, while Figure 14-5 shows the results of a call to getenv once the
program has been loaded with Sharefuzz in place.
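An added illustration of the getenv interposition described above; this is not code from the book or from Sharefuzz itself. Once preloaded, the shared object logs every environment lookup and answers with an overlong value, while a short passthrough list keeps the harness's own variables intact. The file name, the SHAREFUZZ_LEN control variable and the 8192-byte default are assumptions made here.

```c
/* sharefuzz_like.c (hypothetical name): LD_PRELOAD replacement for getenv().
 * Build:  cc -shared -fPIC -o sharefuzz_like.so sharefuzz_like.c
 * Run:    LD_PRELOAD=./sharefuzz_like.so ./copy_of_target
 * The dynamic loader ignores LD_PRELOAD for set-user-ID programs, so the
 * target is tested as an unprivileged copy, not as the installed SUID binary. */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

extern char **environ;                 /* walked directly; we never call libc's getenv */

#define FUZZ_MAX 8192                  /* default and upper bound of the returned value */
static char fuzz_buf[FUZZ_MAX + 1];

/* Variables the harness itself depends on keep their real values. */
static const char *const passthrough[] = { "LD_PRELOAD", "LD_LIBRARY_PATH", "SHAREFUZZ_LEN", NULL };

int sharefuzz_is_passthrough(const char *name)
{
    for (const char *const *p = passthrough; *p; p++)
        if (strcmp(*p, name) == 0)
            return 1;
    return 0;
}

/* Honest lookup by scanning environ, so the replacement cannot recurse into itself. */
char *sharefuzz_real_getenv(const char *name)
{
    size_t n = strlen(name);
    for (char **e = environ; e && *e; e++)
        if (strncmp(*e, name, n) == 0 && (*e)[n] == '=')
            return *e + n + 1;
    return NULL;
}

/* Interposed getenv(): everything not on the passthrough list comes back as a run of 'A's. */
char *getenv(const char *name)
{
    if (sharefuzz_is_passthrough(name))
        return sharefuzz_real_getenv(name);
    const char *cfg = sharefuzz_real_getenv("SHAREFUZZ_LEN");   /* optional length override */
    size_t len = cfg ? strtoul(cfg, NULL, 10) : FUZZ_MAX;
    if (len == 0 || len > FUZZ_MAX)
        len = FUZZ_MAX;
    char line[256];                    /* record which variable the target consulted */
    int k = snprintf(line, sizeof line, "[sharefuzz] getenv(\"%s\") -> %zu bytes\n", name, len);
    ssize_t w = write(STDERR_FILENO, line, k > 0 && (size_t)k < sizeof line ? (size_t)k : sizeof line - 1);
    (void)w;
    memset(fuzz_buf, 'A', len);
    fuzz_buf[len] = '\0';
    return fuzz_buf;
}
```

The stderr log tells the tester which variables the target actually reads, which is the list to audit for unchecked copies into fixed-size buffers.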

