In preparation for the imminent release of Fuzzled 1.1, I spent this evening writing a short paper entitled "Writing a fuzzer using the Fuzzled framework". The paper includes some of the techniques I use to dismantle protocols including documentation, observation and static analysis. It then moves on to the fundamentals of implementing a protocol using the framework. I talk about base requests, namespaces and tieing them together with factories with reference to Fuzzled::Protocol::HTTP, an example included in the framework. The paper also highlights a few tricks to the framework, including developing multi-threaded fuzzers, identifying offsets and parsing packets. It ends with my techniques to identify vulnerabilities highlighted by fuzzers. I'm sure none of the techniques themselves are new, but the application of them in the context of using the Fuzzled framework may provide some inspiration to others. The full paper can be found at: http://www.nth-dimension.org.uk/utils/get.php?downloadsid=35. Cheers, Tim PS If anyone wants to try a release candidate of Fuzzled 1.1, contact me off list and we'll see what we can do. -- Tim Brown <mailto:timb@xxxxxxxxxxxxxxxxxxxx> <http://www.nth-dimension.org.uk/>
