3

I would like to make a software fuzzer.

What I want to do is open a program and the fuzzer should find all the functions on the application that take input and then try to write a string that I provide the fuzzer with at the beginning.

The fuzzer should write that string in all input functions in the program and it should notify me when the program crashes because of a specific input in a function. For example, when the fuzzer injected a long string of A's into a field called artist name, and the program crashed, I want to get an output that has in it the field name and the value that caused the crash and the report of windows if provided.

I know the application so big bit just give me some main steps I should read about or some API's I should use. I will write the program with C#. I can also write it with C++ and Python but I think it would be easier on C#. What do you think?

Tim Sylvester
  • 22,897
  • 2
  • 80
  • 94
I.el-sayed
  • 325
  • 1
  • 5
  • 18

1 Answers1

0

Welcome to Stack Overflow. fuzzdb might be the coolest thing to what you're looking for. Fuzzing is not a sure thing and you have to deal with a lot of false data that are not bugs. I prefer using application templates.
You should consider other fuzzers/fuzzing techniques since you're building one.

leocrimson
  • 702
  • 1
  • 11
  • 25
Thawab
  • 69
  • 1
  • No, I don't want to use already made fuzzers. I want to create one.. I want to create a fuzzer on XP using C# So any help with that? just I want a main bullets of how can I get the all input fields in a program and how to make my fuzzer write values in these inputs .. Thank you – I.el-sayed Jun 28 '12 at 15:38
  • All of the ones I mentioned above are open source, look in the source to find your answers. Fuzzing is not just filling inputs with AAAAAA's and expect a buffer overflow waiting for you. – Thawab Jun 28 '12 at 16:30
  • Ok do you know any good tutorials-books that talk about fuzzers ?? – I.el-sayed Jun 28 '12 at 17:45
  • [Grey Hay Python](http://www.amazon.com/Gray-Hat-Python-Programming-Engineers/dp/1593271921/ref=sr_1_1?ie=UTF8&qid=1340916959&sr=8-1) – Thawab Jun 28 '12 at 20:57