

Ask HN: I want to implement a network fuzzer in a VNC server. Is it possible? - kasper

I want to implement a network fuzzer in a VNC server. How far is it possible to code it from scratch, and any good ebooks or links on it?
======
yan
I'm not clear on what you want to do. Do you want to fuzz a VNC server?

There are some ways you can do that. Try to find docs online that detail the
protocol or read the source of open-source VNC servers to infer the protocol.
You can then use some existing tools to generate some traffic (Peach or Scapy,
among many others). I'm not a fan of Peach for a few reasons, but some people
use it.

In general, you'd want to cover edge cases of inputs being parsed.
Signed/unsigned edges for integers, strings of various lengths with common bad
input patterns, unordered type-length-value pairs, etc.

Try finding past vulnerabilities in the server you're trying to break and see
where others found holes. Check the changelog. Try instrumenting an existing
client.
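
Added example, not part of the comment above: a strict parser for a constructed type-length-value format, run against the edge-case classes the comment lists, to show the checks a parser needs so each one is rejected cleanly. The wire format (1-byte type, 2-byte big-endian length), the type numbers and the length cap are assumptions for illustration and are not the VNC protocol.

```python
import struct

KNOWN_TYPES = {1, 2}   # hypothetical field types
MAX_VALUE_LEN = 256    # assumed per-field cap

class TLVError(ValueError):
    """The only exception parse_tlv raises for malformed input."""

def parse_tlv(buf: bytes) -> dict:
    """Strictly parse type(1) | length(2, big-endian unsigned) | value records."""
    fields, off = {}, 0
    while off < len(buf):
        if len(buf) - off < 3:
            raise TLVError("truncated header")
        ftype, flen = struct.unpack_from(">BH", buf, off)
        off += 3
        if ftype not in KNOWN_TYPES:
            raise TLVError(f"unknown type {ftype}")
        if ftype in fields:
            raise TLVError(f"duplicate type {ftype}")
        if flen > len(buf) - off:      # declared length vs. bytes actually present
            raise TLVError("length exceeds remaining bytes")
        if flen > MAX_VALUE_LEN:
            raise TLVError("length over cap")
        fields[ftype] = buf[off:off + flen]
        off += flen
    return fields

def tlv(ftype: int, value: bytes, length=None) -> bytes:
    # Build one record; `length` may disagree with the real value size.
    return struct.pack(">BH", ftype, len(value) if length is None else length) + value

# Constructed inputs, one per edge-case class named in the comment.
EDGE_CASES = {
    "in_order": tlv(1, b"a") + tlv(2, b"\x04\x00"),
    "unordered": tlv(2, b"\x04\x00") + tlv(1, b"a"),
    "len_0x8000": tlv(1, b"a", 0x8000),   # negative if read as signed 16-bit
    "len_0xffff": tlv(1, b"a", 0xFFFF),   # unsigned maximum
    "long_string": tlv(1, b"A" * (MAX_VALUE_LEN + 1)),
    "truncated": tlv(1, b"a")[:2],
    "duplicate": tlv(1, b"a") + tlv(1, b"b"),
}

def check(data: bytes) -> str:
    try:
        parse_tlv(data)
        return "ok"
    except TLVError as e:
        return str(e)
```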

~~~
kasper
I would like to implement a network fuzzer on a client system through a VNC
server installed at the server, and if I find an anomaly in the system, I
would like to take up complete control of the system. Is it possible?

