Distributed Fuzzing Framework Design

Quick intro presentation about the process of designing a distributed fuzzing framework

Transcript

  • 1. Distributed Fuzzing
      • bannedit
      • Tuesday, October 9, 12
  • 2. Who am I?
      • David D. Rude II aka bannedit
      • twitter: @bannedit0
      • email: bannedit0@gmail.com
      • iDefense Labs
      • Metasploit Developer
  • 3. Overview
      • What is fuzzing?
      • Why use it?
      • Distributed fuzzing
      • Designing a solution
      • Components
      • Future ideas
      • Questions
  • 4. What is fuzzing?
      • A testing technique which throws inputs at a target application. Inputs are intentionally malformed with the typical goal of causing abnormal application behavior.
  • 5. Why use it?
      • Automated bug discovery
      • Can be as simple or complex as wanted
      • Effective
      • Blackbox testing
      • No knowledge of the code required
  • 6. Distributed fuzzing
      • Spread the workload
      • Dig deeper faster (more test cases / second)
      • Collaborative fuzzing
      • Fuzzer independent
      • Run multiple fuzzers
      • Multiple target applications
  • 7. Designing a solution
      • Easy deployment
      • Start/Stop/Pause control
      • Avoid VMware specifics
      • Realtime monitoring
      • Client Server model (RPC)
  • 8. Components
      • Database
      • Fuzzer
      • Web Interface
      • Node
      • RPC
  • 9. Database: DB Schema
      • Node
          • id integer
          • name string
          • ip string
          • fuzzer_id integer
      • Crash
          • id integer
          • module string
          • disasm string
          • crash_hash string
          • debug_output string
          • node_id integer
      • Fuzzer
          • id integer
          • name string
          • description string
      • Node has many Crash
      • Node has one Fuzzer
  • 10. Web Interface
      • Easy creation of nodes
      • Deployment of fuzzers
      • RPC client
      • Database stores crash data (downloadable)
      • Realtime monitoring of node health/status
      • Analytics?
  • 11. Node
      • Is a Virtual Machine
      • Runs the fuzzer
      • Monitors the application
      • RPC server
      • Reports to the web interface (RPC client)
      • Crash data
      • Health status
  • 12. Fuzzer
      • Sends inputs to the target application
      • Might need scripts to enforce some rules (framework support)
      • Might need scripts to send generated inputs (framework support)
      • Independent of the actual fuzzing framework
  • 13. Debugger
      • Monitors the target application for abnormal behavior
      • WinDbg is a good option
      • I’m working on a scriptable debugger for my framework (Rabbit)
      • Log crashes
      • Crashes are not the only abnormal behavior to watch for (launching other applications, file creation, etc.)
  • 14. RPC Interface
      • The glue that holds it all together
      • Web Interface - Client
      • Node - Server
      • Allows for Start, Stop, Pause control
      • Reporting of status, crashes
  • 15. Scripts
      • Run the fuzzer
      • Send output of fuzzer to target app
      • Attach the debugger to the target app
      • Staging source files
  • 16. Deployment
      • Create VM
      • Install target software
      • Configure the fuzzer
      • Copy the scripts, fuzzer, and debugger to VM
      • Avoid VMware specifics or make it modular so other VM products can be accommodated
      • SMB file shares could be a decent solution
  • 17. Future ideas
      • RPC client debug console
      • Scriptable debugger (Rabbit... WIP)
      • Code coverage tools
      • Sample file reduction
      • Crash binning
  • 18. Questions?
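
The node side of the RPC interface from slides 11 and 14, with crash records shaped like the Crash table on slide 9, as an added example that is not code from the slides or from the author's framework. The choice of XML-RPC, the `Node` class, the method names, the transition table and the way `crash_hash` is derived are all assumptions.

```python
import hashlib
import threading
from xmlrpc.client import ServerProxy
from xmlrpc.server import SimpleXMLRPCServer

# Assumed transition table; the slides only name Start, Stop and Pause.
TRANSITIONS = {"start": {"stopped": "running", "paused": "running"},
               "pause": {"running": "paused"},
               "stop": {"running": "stopped", "paused": "stopped"}}

class Node:
    """State of one fuzzing VM as seen over RPC (hypothetical class)."""
    def __init__(self, name):
        self.name, self.state = name, "stopped"
        self.crashes = {}  # crash_hash -> row shaped like the Crash table
        self._lock = threading.Lock()

    def control(self, action):
        """Apply start/stop/pause; unknown actions and bad transitions are refused."""
        with self._lock:
            new_state = TRANSITIONS.get(action, {}).get(self.state)
            self.state = new_state or self.state
            return {"ok": new_state is not None, "state": self.state}

    def record_crash(self, module, disasm, debug_output):
        """Local hook for the debugger script; True only for a crash not seen before."""
        # Assumption: crash_hash is SHA-256 over module and faulting disassembly.
        crash_hash = hashlib.sha256(f"{module}\n{disasm}".encode()).hexdigest()
        row = {"module": module, "disasm": disasm,
               "crash_hash": crash_hash, "debug_output": debug_output}
        with self._lock:  # setdefault returns the stored row, so "is row" means new
            return self.crashes.setdefault(crash_hash, row) is row

    def status(self):
        with self._lock:
            return {"name": self.name, "state": self.state, "crashes": list(self.crashes.values())}

def serve(node, host="127.0.0.1", port=0):
    """Expose only control() and status(); XML-RPC has no auth, so bind narrowly."""
    server = SimpleXMLRPCServer((host, port), logRequests=False)
    server.register_function(node.control, "control")
    server.register_function(node.status, "status")
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

if __name__ == "__main__":
    server = serve(Node("node-1"))
    web = ServerProxy("http://127.0.0.1:%d" % server.server_address[1])
    print(web.control("start"), web.control("bogus"), web.status())
    server.shutdown()
```

Only `control` and `status` are registered with the server, so a remote caller cannot insert crash records; `record_crash` stays a local call for the debugger script running on the node.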