12

Can anyone recommend any programmer-friendly (i.e. extensible) frameworks or systems for performing network level packet fuzzing?

I'm looking for such a system where I can program in additional packet formats and various ways of breaking those packets in a protocol-dependent manner.

I know how to Google. I'm looking for specific recommendations :)

thanks!

Alnitak
  • 334,560
  • 70
  • 407
  • 495

7 Answers

4

Scapy looks really programmer friendly. It is written in Python.

You use the Python command interpreter as its command interpreter. It has very nice documentation. It looks easy to use and understand.

API looks decent; written in a "pythonic" style. It looks very complete and it is under active development.

JohnnySoftware
  • 2,053
  • 16
  • 15
3

You might be interested in American Fuzzy Lop combined with Preeny. It's a fuzzer that is quite simple to use and employs genetic algorithms, which in this case means that it's going to detect which changes in input bits lead to new code paths and pay more attention to those.

d33tah
  • 10,999
  • 13
  • 68
  • 158
3

I can recommend the Sulley fuzzing framework. It's a Python framework and good at its job.

If you want layer 2 protocol fuzzing check out the great work by the people at ernw.de:

http://www.ernw.de/download/l2sulley_04-15-08.tar.bz2

http://www.ernw.de/download/l2_fuzzing_shmoo08.pdf

What protocols in particular are you interested in fuzzing?

UPDATE: As you are targeting DNS you should check out the PROTOS test suite, in particular their DNS module. This is a closed-source Java package though, so you won't be able to use it like a framework, but you can always write a Sulley module to suit your specific needs if PROTOS isn't thorough enough.

QAZ
  • 4,870
  • 6
  • 36
  • 50
  • While Sulley looks very complete (both for postmortem and fuzzing techniques), it's not good for testing: as far as I can see you can't capture (inside the fuzzing script) and base further actions on server responses. You have to post-process the packet captures to detect misbehaving server. Scapy is much better for that. – Hubert Kario Jan 07 '15 at 13:42
2

I just Googled around. I have never used any of these.

Eugene Yokota
  • 94,654
  • 45
  • 215
  • 319
1

None of the proposed answers met my needs, so I wrote my own fuzzing DNS server instead.

Alnitak
  • 334,560
  • 70
  • 407
  • 495
1

Here are my recommendations, mainly because the security groups which developed them have a great reputation.

Scapy is an amazing tool, but these frameworks use Scapy to do more.

kingmakerking
  • 2,017
  • 2
  • 28
  • 44
1

I know fuzzled is really good as a framework, if you fancy Perl: http://www.securiteam.com/tools/5FP0Q1PKUS.html

JborFuzz and most other fuzzers won't do it since they are not designed as a framework, certainly not for the network level.

dr. evil
  • 26,944
  • 33
  • 131
  • 201