Hi readers, It's been more than three months I haven't written any blog post, Hope you guys are doing well. In this post I will share one of my fuzzing helper script. During Fuzz testing of any application in automated manner, we provide invalid, unexpected, or random data to the inputs of a the target program. The target program is then monitored for unusual behavior.
Generating test case is entirely depending on you, and this is the key of finding good number of quality bugs. But monitoring the target application during fuzz testing is also very important. One can monitor the target application in many ways.
In general I use Python's debugger module known as "pydbg" to monitor behavior/crash of the application I am fuzzing, but I was looking for something better and faster. So I posted a question on NullCon Google group Increasing Fuzzing Speed.
Many great ideas and suggestions came out of the discussion. So from that I finally I decided to try WinDBG Console debugger ( cdb.exe ) as fuzzing monitoring tool. So using this console debugger I wrote on very simple and small python class which can be used to monitor any windows application while fuzzing.
This script doesn't have any test case generator, As I have already told you generating test cases is the key of getting good quality bugs in any application and its entirely depend on you how you generate test cases.
So here is the python class : This script uses "cdb.exe" so make sure you have that installed.
And You can use this class in this way to monitor and track crashes:
Generating test case is entirely depending on you, and this is the key of finding good number of quality bugs. But monitoring the target application during fuzz testing is also very important. One can monitor the target application in many ways.
- Monitor for Process Termination
- Monitor the Event Log
- Monitor Application Crashes using debugger
In general I use Python's debugger module known as "pydbg" to monitor behavior/crash of the application I am fuzzing, but I was looking for something better and faster. So I posted a question on NullCon Google group Increasing Fuzzing Speed.
Many great ideas and suggestions came out of the discussion. So from that I finally I decided to try WinDBG Console debugger ( cdb.exe ) as fuzzing monitoring tool. So using this console debugger I wrote on very simple and small python class which can be used to monitor any windows application while fuzzing.
This script doesn't have any test case generator, As I have already told you generating test cases is the key of getting good quality bugs in any application and its entirely depend on you how you generate test cases.
So here is the python class : This script uses "cdb.exe" so make sure you have that installed.
And You can use this class in this way to monitor and track crashes:
Final Thought: I was not very happy with the performance of this fuzzing monitoring script. I consider pydbg is a better options than WinDBG ( cdb.exe )for fuzzing monitoring. If I compare the speed between the fuzzer which I've written using pydbg and this one(using cdb.exe), then I realized that fuzzing speed was much slower when "cdb.exe" was used for monitoring.
HSLC 10th Class Previous Years Sample Paper.Pdf Download Manipur Board 10th Class Model Question Paper 2021 The Exam Department of the Manipur School Education Board (HSLC) has released the Xth Class Model Question Paper for the Main Exam 2021. Manipur HSLC Model Paper 2022 Download the Manipur Board 10th Class Model Question Paper for the year 2021. Download BSEM 10th Class Sample Papers for each subject (Physics, Chemistry, Mathematics, Biology).
ReplyDeleteKPSC Assistant Engineer Recruitment 2022 Notification Apply Online
ReplyDeleteKPSC Assistant Engineer Recruitment 2022