I developed Stupid in late 2011 to automate fuzzing and problem/app fault detection process of different file formats( mainly Music/Video players etc). I've been receiving many email from my readers asking me to release POC of a python + pydbg fuzzer. So today I'm very happy to make this small yet effective Fuzzer open to everyone. This is highly prototypal and I recommend to rewrite/modify the test case generator sub routine to make this fuzzer more effective.
Happy fuzzing guys. If you are lucky enough to find any zero day using this fuzzer, you can drop me a TY email or buy me a beer in return if we meet someday :)
Stupid source code is available @ https://github.com/debasishm89/Stupid
This software is licenced under a Beerware licence although the following libraries are included with Stupid and are licensed separately.
You need to provide the target application binary path (.exe) and at least one base file to run this fuzzer. You can to modify the configuration section of "stupid.py" as per your requirement.
mutate() routine is responsible for generating test cases from given bases files. It has two sub parts:
You may want to change / modify these routines to make this fuzzer more effective. ;)
To monitor target application for different types of crashes (access violation), Stupid uses pydbg(Python debugger).It also uses "utils" of https://github.com/pedramamini/paimei framework to collect crash information which can be used later to identify/distinguish interesting app crashes. Sample crash synopsis file is below,
Crash files and crash information can be found in "Crashes" folder which can be used to reproduce app crashes.
Source Code:
Stupid source code is available @ https://github.com/debasishm89/Stupid
Licence:
This software is licenced under a Beerware licence although the following libraries are included with Stupid and are licensed separately.
- pydbg
- paimei - https://github.com/pedramamini/paimei
Running this Fuzzer:
Stupid was developed and tested with Win32 Python 2.7(x86). So it's recommended to use the same version of python. Also make sure pydbg(x86) is installed on the system.
You need to provide the target application binary path (.exe) and at least one base file to run this fuzzer. You can to modify the configuration section of "stupid.py" as per your requirement.
Test Case Generation:
mutate() routine is responsible for generating test cases from given bases files. It has two sub parts:
- Bitflip
- Random Byte Flip
You may want to change / modify these routines to make this fuzzer more effective. ;)
Monitoring:
To monitor target application for different types of crashes (access violation), Stupid uses pydbg(Python debugger).It also uses "utils" of https://github.com/pedramamini/paimei framework to collect crash information which can be used later to identify/distinguish interesting app crashes. Sample crash synopsis file is below,
Reproducing Crashes:
Crash files and crash information can be found in "Crashes" folder which can be used to reproduce app crashes.
ReplyDeleteThanks for the information. I am looking forward to read More blogs from your your Website.
Snapdeal winner 2020
Snapdeal lucky Draw 2020
Check your Lucky Draw prizes here
Check your Lucky Draw prizes here
Students should download the DHSE Kerala Plus Two Model Paper 2022 for practise in order to achieve good results in the test. Candidates can get the Kerala Plus two question paper 2022 from the Kerala Higher Secondary Education Government's Education Portal. Kerala +2 Model Paper 2022 Candidates must complete the syllabus for each topic before practising the practise papers. Aspirants can learn about the marking method and types of questions asked by looking at sample papers. The test for Kerala board Class 12th may be held between March 17 and March 30, 2022. To learn more about the DHSE Kerala 2022 Plus Two Model Paper, read the entire article.
ReplyDeleteOh, come on ! This is very nice post, but you have to learn how to write well ! I know one guy and his brother know…. listen. If you really professional personal statement writers want to practice your essay writing and homework, you can use this beautiful service ! They going to teach you !
ReplyDelete