November 15, 2019 · Adv. Pen-Testing Fuzzing

Fuzz - 2.0 - How & mechanics

How fuzzing works?

  1. Look for attack surface *inputs
  2. Generate fuzzed data for input
    1. Mutated
    2. Generational
    3. Differential
  3. Execute test case
  4. Monitor for exceptions
  5. Determine exploitability


take an success test case as sample case, corrupt some parts of it
Pros: easy to check if the test is success, comparable results
Cons: not much results in low coding entropy, since the corrupted data wont cover a lot of code paths


Generate based on data model.
Pros: more cases to test, more code paths to be covered.
Cons: infinite test cases to each stage of a code path.
Hard to generate vary protocols.


Any fuzzing algorithm that actively reduces the testing state space

Test case should be considered based on those mechanics

Time complexity - most cases its O(n)