
Show HN: PyFuzz2 – A little fuzzing framework in Python - susperius
https://github.com/susperius/PyFuzz2
======
lifeisstillgood
What is a fuzzer _supposed_ to do? It seems something like randomly injecting
some (data) into a network and hoping something significant happens / breaks?

This seems a bit too unlikely - can anyone supply more details?

~~~
jzcoder
Instead of pure random data, fuzzers can use 'attack heuristics' to try and
minimize the search space. These are specific patterns that are more likely to
expose bugs, based on previous vulnerabilities and known coding errors. For
example, using '%n%n%n%n%n' many times to exploit C-style format string stack
vulnerabilities.

Mozilla started a project known as FuzzDB to collect these heuristics,
although it doesn't appear to have been maintained recently.

Here are some examples from FuzzDB:
[https://code.google.com/p/fuzzdb/source/browse/trunk/attack-...](https://code.google.com/p/fuzzdb/source/browse/trunk/attack-payloads/format-strings/format-strings.txt)

~~~
jzcoder
Here's another set of examples, for different targets:

[https://www.owasp.org/index.php/OWASP_Testing_Guide_Appendix...](https://www.owasp.org/index.php/OWASP_Testing_Guide_Appendix_C:_Fuzz_Vectors)
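As an added illustration of the point in the two comments above (this is example code written for this thread, not code from PyFuzz2, Sulley or FuzzDB), the following Python harness shows why a small dictionary of attack heuristics shrinks the search space compared with pure random bytes. The target parser is a constructed toy with a deliberate trusted-length bug, and the boundary-integer and string lists are constructed in the spirit of the FuzzDB vectors rather than copied from them. A heuristic run combines every boundary value with every string vector and reaches the bug within a few dozen cases; a random run over the same 16-bit length field needs on the order of 65536 attempts to hit the one value that triggers it.

```python
"""Heuristic-vs-random fuzz harness (added example; constructed target and vectors)."""
import random
import struct

# Constructed attack heuristics, in the spirit of the FuzzDB lists (assumed values).
INT16_BOUNDARIES = [0, 1, 0x7F, 0x80, 0xFF, 0x100, 0x7FFF, 0x8000, 0xFFFE, 0xFFFF]
STRING_HEURISTICS = [
    b"",
    b"A" * 64,
    b"A" * 4096,
    b"%s%s%s%s%s",
    b"%n%n%n%n%n",
    b"%x" * 16,
    b"\x00" * 8,
    b"\xff" * 8,
]


def toy_parse_record(data: bytes) -> int:
    """Constructed target with a deliberate bug so the harness has something to find.

    Wire format: 2-byte big-endian length, then payload. The parser trusts the
    length field and uses it as a divisor, so a length of 0 raises ZeroDivisionError.
    A ValueError for a short header is the parser's intended, graceful rejection.
    """
    if len(data) < 2:
        raise ValueError("short header")
    (n,) = struct.unpack(">H", data[:2])
    payload = data[2:2 + n]
    return sum(payload) % n  # bug: n == 0 is never rejected


def build_record(length_field: int, payload: bytes) -> bytes:
    """Encode one record in the toy wire format."""
    return struct.pack(">H", length_field & 0xFFFF) + payload


def heuristic_cases():
    """Cartesian product of boundary integers and string vectors (80 cases here)."""
    for n in INT16_BOUNDARIES:
        for s in STRING_HEURISTICS:
            yield build_record(n, s)


def random_cases(count: int, seed: int = 0):
    """Purely random records: random 16-bit length, random payload of 0..63 bytes."""
    rng = random.Random(seed)
    for _ in range(count):
        n = rng.randrange(0, 0x10000)
        payload = bytes(rng.randrange(256) for _ in range(rng.randrange(0, 64)))
        yield build_record(n, payload)


def fuzz(target, cases, expected=(ValueError,)):
    """Run target over cases.

    Returns (cases_run, crashes), where crashes is a list of (input, exception)
    pairs for exceptions the parser was not designed to raise. Exceptions listed
    in `expected` are the parser's intended rejections and are not crashes.
    """
    crashes = []
    run = 0
    for case in cases:
        run += 1
        try:
            target(case)
        except expected:
            pass
        except Exception as exc:  # anything else is a finding worth triaging
            crashes.append((case, exc))
    return run, crashes


def compare(random_budget: int = 2000) -> dict:
    """Summarise both strategies as {strategy: (cases_run, crash_count)}."""
    h_run, h_crashes = fuzz(toy_parse_record, heuristic_cases())
    r_run, r_crashes = fuzz(toy_parse_record, random_cases(random_budget))
    return {"heuristic": (h_run, len(h_crashes)), "random": (r_run, len(r_crashes))}


if __name__ == "__main__":
    for strategy, (run, found) in compare().items():
        print(f"{strategy:10s} cases={run:5d} crashes={found}")
    _, crashes = fuzz(toy_parse_record, heuristic_cases())
    print("first crashing input:", crashes[0][0][:16], type(crashes[0][1]).__name__)
```

The harness treats the parser's documented rejection (ValueError) as expected and records everything else as a crash; that distinction is what keeps a fuzz run's output triageable. Swapping `toy_parse_record` for a real parser and extending the two heuristic lists is the whole adaptation needed.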

------
s_q_b
Cool! I'll admit I haven't had time to give this more than a gloss yet, but
the architecture is interesting. I've always wanted to implement a fuzzer. My
current fuzzer of choice is Sulley:
[https://github.com/OpenRCE/sulley](https://github.com/OpenRCE/sulley)

~~~
StavrosK
I prefer Hypothesis. It's not so much a fuzzer as a library to generate data
for unit tests, and thus fits much more easily in the development flow.

~~~
s_q_b
Yeah, it really depends on your use case. Hypothesis is better for unit
testing and development. It's a developer's tool. Sulley is better for finding
bugs that could lead to vulnerabilities. It's really an infosec tool.

