Distributed Fuzzing Framework Design

Quick intro presentation about the process of designing a distributed fuzzing framework

  1. Distributed Fuzzing
     bannedit
     Tuesday, October 9, 12
  2. Who am I?
     • David D. Rude II aka bannedit
     • twitter: @bannedit0
     • email: bannedit0@gmail.com
     • iDefense Labs
     • Metasploit Developer
  3. Overview
     • What is fuzzing?
     • Why use it?
     • Distributed fuzzing
     • Designing a solution
     • Components
     • Future ideas
     • Questions
  4. What is fuzzing?
     A testing technique which throws inputs at a target application. Inputs are intentionally malformed with the typical goal of causing abnormal application behavior.
  5. Why use it?
     • Automated bug discovery
     • Can be as simple or complex as wanted
     • Effective
     • Blackbox testing
     • No knowledge of the code required
  6. Distributed fuzzing
     • Spread the workload
     • Dig deeper faster (more test cases / second)
     • Collaborative fuzzing
     • Fuzzer independent
     • Run multiple fuzzers
     • Multiple target applications
  7. Designing a solution
     • Easy deployment
     • Start/Stop/Pause control
     • Avoid VMware specifics
     • Realtime monitoring
     • Client Server model (RPC)
  8. Components
     • Database
     • Fuzzer
     • Web Interface
     • Node
     • RPC
  9. Database (DB Schema)
     • Node: id integer, name string, ip string, fuzzer_id integer
     • Crash: id integer, module string, disasm string, crash_hash string, debug_output string, node_id integer
     • Fuzzer: id integer, name string, description string
     • Node has many Crash; Node has one Fuzzer
  10. Web Interface
     • Easy creation of nodes
     • Deployment of fuzzers
     • RPC client
     • Database stores crash data (downloadable)
     • Realtime monitoring of node health/status
     • Analytics?
  11. Node
     • Is a Virtual Machine
     • Runs the fuzzer
     • Monitors the application
     • RPC server
     • Reports to the web interface (RPC client)
     • Crash data
     • Health status
  12. Fuzzer
     • Sends inputs to the target application
     • Might need scripts to enforce some rules (framework support)
     • Might need scripts to send generated inputs (framework support)
     • Independent of the actual fuzzing framework
  13. Debugger
     • Monitors the target application for abnormal behavior
     • Windbg is a good option
     • I’m working on a scriptable debugger for my framework (Rabbit)
     • Log crashes
     • Crashes are not the only abnormal behavior to watch for (launching other applications, file creation, etc.)
  14. RPC Interface
     • The glue that holds it all together
     • Web Interface - Client
     • Node - Server
     • Allows for Start, Stop, Pause control
     • Reporting of status, crashes
  15. Scripts
     • Run the fuzzer
     • Send output of fuzzer to target app
     • Attach the debugger to the target app
     • Staging source files
  16. Deployment
     • Create VM
     • Install target software
     • Configure the fuzzer
     • Copy the scripts, fuzzer, and debugger to VM
     • Avoid VMware specifics or make it modular so other VM products can be accommodated
     • SMB file shares could be a decent solution
  17. Future ideas
     • RPC client debug console
     • Scriptable debugger (Rabbit... WIP)
     • Code coverage tools
     • Sample file reduction
     • Crash binning
  18. Questions?
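
The database schema from slide 9, built as a SQLite database with a crash-reporting path, as an added example that is not part of the original slides. The column types, constraints, the way `crash_hash` is derived (the slides do not define it), the helper names and the sample rows are all assumptions constructed for illustration.

```python
import hashlib
import sqlite3

# Tables and columns follow the deck's schema; types and constraints are assumptions.
SCHEMA = """
CREATE TABLE fuzzers (id INTEGER PRIMARY KEY, name TEXT NOT NULL, description TEXT);
CREATE TABLE nodes (id INTEGER PRIMARY KEY, name TEXT NOT NULL, ip TEXT NOT NULL,
    fuzzer_id INTEGER REFERENCES fuzzers(id));       -- Node has one Fuzzer
CREATE TABLE crashes (id INTEGER PRIMARY KEY, module TEXT, disasm TEXT,
    crash_hash TEXT NOT NULL, debug_output TEXT,
    node_id INTEGER NOT NULL REFERENCES nodes(id));  -- Node has many Crash
"""

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("PRAGMA foreign_keys = ON")  # reject crash rows from unknown nodes
    db.executescript(SCHEMA)
    return db

def crash_hash(module, disasm):
    # Assumption: bucket on faulting module + instruction; the slides do not define the hash.
    return hashlib.sha256(f"{module}\n{disasm}".encode()).hexdigest()[:16]

def report_crash(db, node_id, module, disasm, debug_output):
    """Store one crash from a node; return (crash_hash, True if the hash is new)."""
    h = crash_hash(module, disasm)
    seen = db.execute("SELECT 1 FROM crashes WHERE crash_hash = ?", (h,)).fetchone()
    with db:  # commit on success, roll back on a constraint failure
        db.execute("INSERT INTO crashes (module, disasm, crash_hash, debug_output, node_id)"
                   " VALUES (?, ?, ?, ?, ?)", (module, disasm, h, debug_output, node_id))
    return h, seen is None

def buckets(db):
    """Per-hash crash count and number of distinct nodes that reported it."""
    return db.execute(
        "SELECT crash_hash, COUNT(*), COUNT(DISTINCT node_id) FROM crashes"
        " GROUP BY crash_hash ORDER BY COUNT(*) DESC, crash_hash").fetchall()

def demo():
    # Constructed sample data: one fuzzer, two nodes, three crashes (two share a hash).
    db = open_db()
    db.execute("INSERT INTO fuzzers VALUES (1, 'filefuzz', 'constructed example fuzzer')")
    db.executemany("INSERT INTO nodes VALUES (?, ?, ?, 1)",
                   [(1, "node-a", "192.0.2.10"), (2, "node-b", "192.0.2.11")])
    report_crash(db, 1, "parser.dll", "mov eax, [ecx+4]", "constructed debugger log 1")
    report_crash(db, 2, "parser.dll", "mov eax, [ecx+4]", "constructed debugger log 2")
    report_crash(db, 2, "render.dll", "call [edx]", "constructed debugger log 3")
    return db
```

Grouping on `crash_hash` gives the web interface one row per distinct crash instead of one per test case, which is the starting point for the crash binning listed under future ideas.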
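
The Start/Stop/Pause control and status/crash reporting described on slides 11 and 14, as an added example that is not part of the original slides or the author's framework. It assumes XML-RPC as the transport (the slides only say "RPC"), dispatches in-process instead of over HTTP so it runs offline, and uses hypothetical names (`NodeControl`, `fetch_crashes`, `make_dispatcher`, `call`).

```python
import xmlrpc.client
from xmlrpc.server import SimpleXMLRPCDispatcher

class NodeControl:
    """Server side of one fuzzing node: control, status and crash hand-off."""
    MOVES = {("stopped", "start"): "running", ("paused", "start"): "running",
             ("running", "pause"): "paused", ("running", "stop"): "stopped",
             ("paused", "stop"): "stopped"}

    def __init__(self, name):
        self.name, self.state, self.queue = name, "stopped", []

    def _move(self, action):
        nxt = self.MOVES.get((self.state, action))
        if nxt is None:
            raise ValueError(f"cannot {action} while {self.state}")
        self.state = nxt  # a real node would also launch or signal the fuzzer here
        return self.status()

    def start(self): return self._move("start")
    def pause(self): return self._move("pause")
    def stop(self): return self._move("stop")

    def status(self):
        return {"node": self.name, "state": self.state, "pending": len(self.queue)}

    def record_crash(self, module, debug_output):
        """Called locally by the debugger script; deliberately not exposed over RPC."""
        self.queue.append({"module": module, "debug_output": debug_output})

    def fetch_crashes(self):
        """Drain queued crash reports to the web interface."""
        out, self.queue = self.queue, []
        return out

def make_dispatcher(node):
    d = SimpleXMLRPCDispatcher()
    for fn in (node.start, node.pause, node.stop, node.status, node.fetch_crashes):
        d.register_function(fn)  # explicit allowlist instead of register_instance()
    return d

def call(dispatcher, method, *args):
    """Client side: marshal the call, dispatch in-process, unmarshal the reply."""
    request = xmlrpc.client.dumps(args, methodname=method)
    (result,), _ = xmlrpc.client.loads(dispatcher._marshaled_dispatch(request.encode()))
    return result
```

An invalid transition or a call to an unregistered method comes back to the client as an `xmlrpc.client.Fault`, so the web interface can show the refusal without the node changing state.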