Simple fuzzing example with Zzuf

I’ve been developing software for a while now, and recently I’ve found a way to
segue my interest in information security into the software development process
of the company I’m currently working for. The goal here is simple; I get to do
fun stuff, and they get better software out of it.

Testing all the things

When I was a kid I was always doing stupid stuff. This field reads “age”. What
if I give it a string? What if I give it quotes? What if I feed it non-printable
symbols?

Well, what I was doing is basically permutation testing. And if you’re in a TDD
shop - then you’ll have caught most of what I was doing back then. If not, maybe
I would have found some curious edge-case bugs still in your API.

But nowadays we can do much better. What if we can let the computer decide what
to put into that “age” field?

Simple fuzzing with a simple fuzzer

I’ll be using the utility zzuf for this example. Let’s imagine we want to
corrupt some string. The string “Hello world” would be an excellent example,
don’t you agree?

So fire up your terminal, and let’s corrupt hello world!

kapott@fuzz$ echo "Hello world!" | zzuf -r 0.01
ello world!

Not too shabby, it omitted the first letter. Now, if we execute this again,
it’ll give us the same output. That’s because the random number seed it uses
to randomize the output is set to ‘1’ by default. The seed determines the
outcome. So if you ever want to reproduce a certain outcome, be sure you keep
that seed number!

kapott@fuzz$ echo "Hello world!" | zzuf -r 0.01 -s 2
Lello wOrld!

Ah, seed 2 gives us a different permutation. Excellent.
And this is all that fuzzing, or fuzz-testing, really is. We just mangle the
input and see what rolls out.

So, if we do something like this in bash:

for i in {1000..3000}; do echo "Hello world!" | zzuf -r 0.02 -s $i; done;

We have a pretty good idea of what a simple fuzzer does. Fiddle around with the
“-r” flag a bit, which sets the proportion of input bits that get flipped. Watch
it though, as you’ll soon be crashing your terminal.
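To make the seed and ratio idea concrete without zzuf installed, here is an added Python example (not from the post, and the mutator is only a stand-in for zzuf’s, not its actual algorithm): a seeded bit-flipper, a toy “age” record parser as the target, and the same loop over seeds 1000..3000, except that it records which seeds crash the target so each crash can be replayed from its seed. `SAMPLE` and `parse_age_record` are constructed for the example.

```python
import random

# Constructed sample record for the toy target below.
SAMPLE = b"name=bob;age=42"

def mutate(data: bytes, ratio: float, seed: int) -> bytes:
    """Flip each bit with probability `ratio`, driven by `seed` (same seed and
    ratio always give the same output). A stand-in for zzuf -r/-s, not its code."""
    rng = random.Random(seed)
    out = bytearray(data)
    for i in range(len(out)):
        for bit in range(8):
            if rng.random() < ratio:
                out[i] ^= 1 << bit
    return bytes(out)

def parse_age_record(record: bytes) -> int:
    """Toy target: parse 'name=<str>;age=<int>' and return the age.
    It trusts its input completely, like the 'age' field in the post."""
    fields = dict(part.split(b"=", 1) for part in record.split(b";"))
    age = int(fields[b"age"])
    if not 0 <= age <= 150:
        raise ValueError("age out of range")
    return age

def run_once(target, sample: bytes, ratio: float, seed: int):
    """Feed one mutated input to target; return the exception name, or None."""
    try:
        target(mutate(sample, ratio, seed))
    except Exception as exc:  # any uncaught error counts as a crash
        return type(exc).__name__
    return None

def fuzz_seeds(target, sample: bytes, ratio: float, seeds) -> dict:
    """Run every seed; keep {seed: exception name} for the ones that crash.
    Keeping the seed is what lets you replay a crash later."""
    crashes = {}
    for seed in seeds:
        name = run_once(target, sample, ratio, seed)
        if name is not None:
            crashes[seed] = name
    return crashes

if __name__ == "__main__":
    found = fuzz_seeds(parse_age_record, SAMPLE, 0.02, range(1000, 3000))
    for seed, name in list(found.items())[:5]:
        print(seed, name, mutate(SAMPLE, 0.02, seed))
```

Replaying `mutate(SAMPLE, 0.02, seed)` for any recorded seed reproduces the exact input that crashed the parser, which is the point of keeping the seed.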

A simple fuzzing example