Penetration Testing mailing list archives

Re: What protocol to choose for a new fuzzer?


From: Tim <tim-pentest () sentinelchicken org>
Date: Thu, 22 Feb 2007 07:24:58 -0500

I have some time on my hands (about two months) to
work on a new network protocol fuzzer which I intend
to write in Python. I don't have much experience in
Python but my intention is to learn it by writing the
fuzzer. I am looking for a protocol which is
interesting and does not yet have a fuzzer for it.
IMAP and RIP for instance already seem to have
fuzzers. Anyone any ideas for other protocols?


Your best bet is probably finding a protocol that's:

1. Relatively new, so the implementations are likely buggier. (That way
   you can get some fame from publishing new holes you find.)

2. Implemented by several different software systems.  If a new
   protocol is only implemented by a single software package, writing a
   whole fuzzer for it is kinda overkill.


The one protocol that comes to mind which seems to fit these criteria is
RSS.  I know little about it though, so it may not be that interesting
to fuzz.

I would love to see (as I'm sure others on the list would) what you end
up writing. 

good luck,
tim
