2. Definition
Fuzz testing, or fuzzing, is a black-box software testing technique
that consists of finding implementation bugs by injecting malformed or
semi-malformed data into a program in an automated fashion.
FuzzDB - Attack and Discovery Pattern Database for Application Fuzz Testing
3. fuzzdb is an open source database of attack patterns, predictable
resource names, regex patterns for identifying interesting server
responses, and documentation resources.
5. Predictable Resource Locations –
Sorted by platform type, language, and application,
making brute force testing less brutish.
7. Attack Patterns –
Categorized by: platform, language, and attack type
Attack Payloads:
information leakage
OS command injection
directory listings
directory traversals
source exposure
file upload bypass
XSS
SQL injection and more.
9. Response Analysis –
predictable strings.
interesting error messages.
lists of common Session ID cookie names, and more.
Other useful stuff –
Webshells.
common password and username lists, and some handy
wordlists.
Documentation –
Helpful documentation and cheat-sheets sourced from around
the web that are relevant to the payload categories are also
provided.
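An added example (not FuzzDB's own code) of the response-analysis idea on this slide: a small Python scanner that loads a FuzzDB-style list of regexes for interesting error messages and reports which sample responses leak SQL errors, file paths or directory listings. The pattern file, its `category:regex` line format and the responses are all constructed here for illustration.

```python
import re

# Constructed, FuzzDB-style pattern list (one regex per line, prefixed here
# with a category so findings can be grouped). Not FuzzDB's actual file.
PATTERN_FILE = r"""
# category:regex
sql_error:You have an error in your SQL syntax
sql_error:ORA-\d{5}
sql_error:unclosed quotation mark after the character string
path_disclosure:[A-Za-z]:\\(?:inetpub|xampp)\\[^\s"']+
path_disclosure:/(?:var/www|home/[^/\s]+)/[^\s"']+
stack_trace:(?:Traceback \(most recent call last\)|at [\w.$]+\([\w]+\.java:\d+\))
dir_listing:<title>Index of /
"""

# Constructed sample responses keyed by the request that produced them.
SAMPLE_RESPONSES = {
    "/product?id=1'": ("Warning: mysql_fetch_array(): You have an error in your "
                       "SQL syntax near ''' at line 1 in "
                       "/var/www/html/product.php on line 42"),
    "/static/": "<html><head><title>Index of /static/</title></head></html>",
    "/healthz": '{"status":"ok"}',
}


def load_patterns(text):
    """Parse 'category:regex' lines into compiled regexes; skip blanks/comments."""
    patterns = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        category, _, regex = line.partition(":")  # split on the first colon only
        patterns.append((category, re.compile(regex, re.IGNORECASE)))
    return patterns


def analyze_response(body, patterns):
    """Return a sorted, de-duplicated list of (category, matched_text) hits."""
    hits = {(cat, m.group(0)) for cat, rx in patterns if (m := rx.search(body))}
    return sorted(hits)


def triage(responses, patterns):
    """Map each request to its findings, dropping responses with no hits."""
    report = {req: analyze_response(body, patterns) for req, body in responses.items()}
    return {req: hits for req, hits in report.items() if hits}


if __name__ == "__main__":
    for req, hits in triage(SAMPLE_RESPONSES, load_patterns(PATTERN_FILE)).items():
        print(req, hits)
```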
11. The sets of payloads currently built into open source fuzzing
and scanning software are poorly representative of the total
body of potential attack patterns.
Commercial scanners are a bit better, but not much.
However, commercial tools also have a downside, in that
they tend to lock these patterns away in obfuscated
binaries.
Furthermore, it's impossible for a human pentester to
encounter and memorize all permutations of the meta
characters and hex encoding likely to cause error conditions
to arise.
12. FuzzDB was created to aggregate all known attack payloads
and common predictable resource names into usable fuzzer
payload lists, categorized by function and platform, and make
them freely available under an Open Source license. It is
immediately usable by web application penetration testers and
security researchers.
13. Lots of hours of research while performing penetration tests:
analysis of default app installs
analysis of system and application documentation
analysis of error messages
researching old web exploits for repeatable attack
strings
scraping scanner patterns from http logs
various books, articles, blog posts, mailing list threads
patterns gleaned from other open source fuzzers and
pentest tools
FuzzDB is like an open source web application security
scanner, without the scanner.
14. Burp Proxy's intruder module
Incorporate the patterns into Open Source software,
or into your own commercial product.