December 7, 2019

Fuzz - 5.0 - Fuzzing targets

I have an app, but what to fuzz

Generally, we can try to fuzz it via the each accept inputs including the follows:

In conclude, enum all accept inputs from users, prioritize the usage frequency to fuzz it.

For each input, define control cases, normal cases & edge cases before fuzzing.

Normal case:

Value
- 32 bit int
  - 0 to 2^32-1 or -2^31 to 2^31-1
- short
  - 0 to 2^16-1 or -2^15 to 2^15-1
- byte
  - 0 to 2^8-1 or -2^7 to 2^7-1
usage
- Fuzz random values within the accepted range
- It should be as expected for possive results
- We are looking for false positive here

Control case:

value
- Few cases from normal case
Usage
- Used for comparison for strange behavior
- Let you know what is an unaccepted value and crashable value

Edge case:

value
- 2^32-1 or -2^31 or 2^31-1 or 2^32
- 2^16-1 or -2^15 or 2^15-1 or 2^16
- 2^8-1 or 2^7 or 2^7-1 or 2^8 or 2^7-2
- non int val
- weird charset like \x00, \x0d, \x0a etc
usage
- Try to break the app from here
- It should be crashed in edge cases or behave as it is
- We are looking for negative results here

Normal case:

Control case:

Edge case:

Normal case:

Control case:

Edge case:

repeat requested delimiters
- example: by submitting extra : we may be able to poison the \etc\passwd table like this root:::::::::password
null byte or null hex
again, \x00, \x0d, \x0a
"A"256
int, floating number
by not submitting it
by submitting it twice or third

The key is trying to make your app crash.
If you find anything different than the control case, you should take sometime to look at it.