
Question

Problem 1 (5 points): Before attempting problems 2 and 3 you should get acquainted with program fuzzers. Compare the Peach Fuzzer with AFL and at least one fuzzer of your choosing:

Fuzzer | Pros | Cons
Peach Fuzzer | |
AFL | |
<a fuzzer of your choosing> | |

Resources:

1. AFL: https://lcamtuf.blogspot.com/2014/11/pulling-jpegs-out-of-thin-air.html
2. Kelinci (AFL for Java): https://www.andrew.cmu.edu/user/rkersten/publications/ccs17-kersten.pdf
3. Peach Fuzzer: http://community.peachfuzzer.com/WhatIsPeach.html
4. Other resources: https://github.com/secfigo/Awesome-Fuzzing, www.google.com

Explanation / Answer

1. Fuzzing, or fuzz testing, is an automated testing technique. It involves providing invalid, unexpected or random data as inputs to a computer program; the program is then monitored for exceptions such as crashes, failing built-in code assertions or memory leaks. Fuzzers are used to test programs that take structured inputs, for example a file format or protocol, and that distinguish valid from invalid input. An effective fuzzer generates semi-valid inputs: valid enough that the parser does not reject them outright, yet invalid enough to trigger unexpected behaviour in the program and expose corner cases. Because fuzzing is done for security purposes, it is more important to fuzz code that handles a file uploaded by any user than code that parses a configuration file accessible only to a privileged user. Fuzzers can be categorized as follows:

       * A fuzzer can be generation-based or mutation-based, depending on whether inputs are generated from scratch or by modifying existing inputs.

       * A fuzzer can be dumb or smart, depending on whether it is aware of the input structure.

       * A fuzzer can be white-, grey- or black-box, depending on whether it is aware of the program structure.

Peach Fuzzer

     Peach Fuzzer is an automated security testing platform that aims to prevent zero-day attacks by finding vulnerabilities in hardware and software. It can test virtually any system for unknown vulnerabilities, and there is no limit to what and how you can fuzz with Peach Fuzzer's security testing products. The Peach Fuzzer Platform has been enhanced to maximize test coverage, control, precision and efficiency. Peach Fuzzer also provides a seamless user experience across Windows, Linux and OSX.

AFL

     AFL stands for American Fuzzy Lop. It is a security-oriented fuzzer that employs a novel type of compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the targeted binary. This improves the functional coverage of the fuzzed code. The compact synthesized corpora produced by the tool are also useful for seeding other, more labor- or resource-intensive testing regimes down the road.

Block-Based Fuzzers

    A good example of a block-based fuzzer is Spike. This kind of fuzzer lets the user build a framework that represents the protocol or file format as a sequence of blocks, so that each block can be fuzzed according to its value's type. A block-based structure lets the fuzzer treat subparts of the protocol as small blocks to which transformations can be applied: the size of a block, an encrypted block, or the MD5 of a block. This approach works well for complex binary protocols where multiple consistency checks are performed over the data before it is processed.
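As an added illustration of the block-based idea above (and of the semi-valid-input point from paragraph 1), the following Python is example code written for this answer, not part of Spike, Peach or AFL. It assumes a constructed toy wire format with a size block, an MD5 block and a payload block, and contrasts a structure-unaware byte flip with a block-aware mutation that recomputes the dependent size and checksum blocks so the fuzzed message still passes the parser's consistency checks.

```python
import hashlib
import random
import struct

# Toy wire format (constructed for this example): 4-byte big-endian payload
# length, 16-byte MD5 of the payload, then the payload itself.
HDR = struct.Struct(">I16s")

def build_message(payload: bytes) -> bytes:
    """Assemble a valid message from its size, checksum and payload blocks."""
    return HDR.pack(len(payload), hashlib.md5(payload).digest()) + payload

def parse_message(msg: bytes) -> bytes:
    """Target parser: raises ValueError unless size and MD5 blocks are consistent."""
    if len(msg) < HDR.size:
        raise ValueError("short header")
    size, digest = HDR.unpack_from(msg)
    payload = msg[HDR.size:]
    if len(payload) != size:
        raise ValueError("length mismatch")
    if hashlib.md5(payload).digest() != digest:
        raise ValueError("checksum mismatch")
    return payload

def flip_byte(data: bytes, rng: random.Random) -> bytes:
    """XOR one random byte with a non-zero value (always changes the data)."""
    i = rng.randrange(len(data))
    return data[:i] + bytes([data[i] ^ rng.randrange(1, 256)]) + data[i + 1:]

def dumb_fuzz(payload: bytes, rng: random.Random) -> bytes:
    """Structure-unaware: mutate the serialized message, headers included."""
    return flip_byte(build_message(payload), rng)

def block_fuzz(payload: bytes, rng: random.Random) -> bytes:
    """Block-based: mutate only the payload block, then recompute the
    dependent size and MD5 blocks so the result stays semi-valid."""
    return build_message(flip_byte(payload, rng))

def campaign(strategy, payload: bytes, rounds: int, seed: int = 7) -> int:
    """Return how many fuzzed messages get past the parser's checks."""
    rng = random.Random(seed)
    reached = 0
    for _ in range(rounds):
        try:
            parse_message(strategy(payload, rng))
            reached += 1
        except ValueError:
            pass
    return reached
```

With this toy parser every dumb mutation is rejected before the payload reaches application code, while every block-based mutation gets through, which is why block-aware fuzzers suit formats with size and checksum fields.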

Fuzzer comparison

Peach Fuzzer

Pros:

* An easy-to-use graphical user interface (GUI)

* Advanced monitoring capabilities

* Improved components for logging and publishing

* Cross-platform support for Windows, Linux and OSX

Cons:

* Cannot provide a complete picture of an overall security threat or bugs

* To perform effectively, it requires significant time

AFL

Pros:

* It is pretty sophisticated

* Fast

* No tinkering required

* It's chainable to other tools

Cons:

* Cannot provide a complete picture of an overall security threat or bugs

* To perform effectively, it requires significant time

Block-based (Spike)

Pros:

* Easy to control what you want to attack

* Can target the attack type by value type

* Works well with checksum and size values

Cons:

* Time is required to develop a layout for a new protocol

* Hard to cover all the cases of a protocol

* Requires reversing the protocol or file format
