While analysing a software testing paper, I read:
"We plan to add floating-point operations in order to extend fuzz testing capability." What kind of benefits can I expect from adding floating-point operations to a fuzzing technique? Or, what are the advantages of floating-point operations for software testing? Great thanks.
Is it suitable to test the client-side implementation of some protocol or service by setting up a fuzzer on the server side and then trying to fuzz as many clients as possible at the same time? By doing that I want to speed up fuzzing tests without losing test-case coverage.
Imagine that I wanted to find a vulnerability in a program that is used by a lot of people in order to exploit it.
The program is open source and is written in C/C++. Would this even be possible (fuzzing excluded), as Google tells me that it is not possible to reverse engineer a C/C++ .exe file back to source code, and that you only get assembly?
Can I craft exploits based on assembly alone? It would make me really sad if this is not possible.
Are there any projects, solutions, or ideas where it is possible to fuzz software:
- using quantum computers or quantum programming?
- or is this combination not yet possible?
I am just thinking that in theory, with a quantum computer, you can check all possible states of a piece of software (checking all possible inputs in a very short time).
Is software fuzzing safe (American fuzzy lop, or AFL, for example)? What is the probability of feeding a random input into a program that makes the program:
- Delete a file, or
- Connect to a random server?
I am not a newbie at exploit development, but I would like to have a solid, useful fuzzing framework instead of trying every fuzzer to see if it works. I have a list of fuzzing frameworks which I would use in certain cases:
WinAFL, AFL > file format / GUI with reversing (specific target function); Peach, Boofuzz > network protocol
Which fuzzer would you recommend for GUI apps (except web apps) / browsers (Tor, IE, Edge, Chrome, Chromium)?
I didn't list SPIKE because having to use Wireshark to find the crash makes it less useful.
I have been looking for some options in order to fuzz a Windows-based GUI application. I have an application binary (exe) which has some GUI forms: first it asks for a login and demands a username and password in boxes (usual GUI stuff), and then it takes some other inputs after login. I want to fuzz all these inputs. However, I only have experience with CLI-based applications that take arguments, which I replace with fuzzer input while fuzzing (afl-fuzz, honggfuzz, libFuzzer, etc.).
I have searched for GUI fuzzing and found the options below, which I am looking into for this project:
- WinAFL (it demands that the target function satisfy some constraints, e.g. taking a file as input and processing it)
- CERT BFF
- SharpFuzz (as the language of the test application is C#)
- honggfuzz (I am not finding enough documentation on it)
Is there any other, better way besides these options, and what is the optimal way to fuzz a GUI-based binary?
I have used AFL recently for fuzzing OpenSSL and it worked great. Now I am interested in fuzzing mobile applications; for example, I have got some
ipa files which I need to fuzz.
I searched on the internet and found out about
ios-afl etc. However, they have a smaller community, I guess (I might be wrong here), as I haven't found enough documentation or blogs on their usage.
Are there any other mobile application fuzzers which work in a black-box fashion, as I am mostly dealing with APKs?
Is there any way I can automate fuzzing in ZAP? I know how to do it manually, but is there any way to create a test suite and execute it?