Questions tagged [fuzzing]

Testing software by presenting it with invalid input to find errors in input validation and handling.

Fuzzing or Fuzz-testing is a type of software test where the software is presented with invalid input to find errors in input validation and handling.

Fuzz testing is often automated.

258 questions
21 votes, 5 answers

How can you ensure secure coding with Test Driven Development?

I've been coming up to speed on the latest trend that is Test Driven Development (TDD). Most of the development I do is in C or C++. It strikes me that there is a very obvious conflict between common TDD practices and common secure coding…
Luke
20 votes, 3 answers

Capture "Segmentation fault" message for a crashed subprocess: no out and err after a call to communicate()

I have problems using the subprocess module to obtain the output of crashed programs. I'm using python2.7 and subprocess to call a program with strange arguments in order to get some segfaults. In order to call the program, I use the following…
Tic
15 votes, 4 answers

Fuzz test (framework) web application?

Are there frameworks that can perform fuzztesting on WebApplications? I know that Selenium and WebDriver are used to build tests for web-applications, but I am particularly interested in libraries, frameworks or projects that have fuzz-testing…
Rob Audenaerde
13 votes, 3 answers

Where can I find H.264 standard?

I would like to write a little fuzzer for H.264 but I am not aware of the file format. Could you give me the standard please, in order to forge correct (and therefore incorrect) h.264 files. Thanks Mathias
mathias zummer
12 votes, 7 answers

Frameworks for network protocol fuzzing?

Can anyone recommend any programmer-friendly (i.e. extensible) frameworks or systems for performing network level packet fuzzing? I'm looking for such a system where I can program in additional packet formats and various ways of breaking those…
Alnitak
12 votes, 2 answers

Looking for a Java fuzzing library or fuzzer tool with a good API

Are there any fuzzer libraries out there for Java? I'd like to sprinkle fuzzing capabilities into existing Java web-based automated integration tests. I've done a lot of searching but I'm coming up empty for a library that supports HTTP/S. There…
Jonathan Kohl
11 votes, 2 answers

Library for fuzzy testing for Java

Is there a flexible framework for fuzzy testing in Java? The Wikipedia article on Fuzz testing defines fuzz testing as follows: Fuzz testing or fuzzing is a software testing technique, often automated or semi-automated, that involves providing…
Oliver
9 votes, 3 answers

Is there a utility which given an ANTLR grammar will produce matching strings?

I have an ANTLR grammar and I would like to fuzz my parser.
Jerome B
9 votes, 1 answer

AFL warning: Last new path : none yet (odd, check syntax!)

I have this warning (Last new path : none yet (odd, check syntax!)) in red after I try to fuzz a file. I have no idea why it happens and I googled with no answers. My command is like: afl-fuzz -i testcases/ -o findings/ tcpdump-4.6.2/tcpdump…
9 votes, 7 answers

How can I scan/fuzz my code for vulnerabilities?

I'm looking for an automated way to fuzz my app or scan it for vulnerabilities. Please assume that my hacking knowledge is 0. Also the source is on my localhost so I need a way to fuzz it locally without relying on an internet connection. Can some…
Chris
8 votes, 3 answers

Fuzz-testing XML-parser

I want to fuzz-test an XML-parser and wonder if there are some appropriate fuzzers. It would be nice to not only generate random garbage, but also take advantage of existing schema specifications like XSD or DTD.
p4553d
7 votes, 1 answer

Wait for a prompt from a subprocess before sending stdin input

I have a linux x86 binary that asks for a password and will print out whether the password is correct or incorrect. I would like to use python to fuzz the input. Below is a screenshot of me running the binary, then giving it the string "asdf", and…
user10443042
7 votes, 2 answers

Network or Transport Layer Fuzzing

How do I go about executing a fuzzing strategy to stress a network stack, specifically at the third and fourth layers (network and transport)? I've looked at frameworks to generate fuzzers, like SPIKE, but it seems to me that they are mostly focused…
Santa
7 votes, 2 answers

How to do fuzzing testing with Selenium

I'm new to Selenium, and also fuzz testing. I see that Selenium IDE only allows the fixed test cases. But then fuzz testing seems to be helpful. So what's behind a fuzz testing, what kind of tests does Selenium offer, is this a black box or white…
Piet Ed
6 votes, 3 answers

Fuzzing the Linux Kernel: A student in peril.

I am currently a student at a university studying a computing related degree and my current project is focusing on finding vulnerabilities in the Linux kernel. My aim is to both statically audit as well as 'fuzz' the kernel (targeting version 3.0)…
A.Smith