Security Information Vulnerability Research Security Blog

Fuzzing anything that moves

November 16th, 2009 by , Filed under: Culture, Fuzzing, Web

<meta content="OpenOffice.org 3.0 (Linux)" name="GENERATOR" /><br /> <style type="text/css"> <!-- @page { margin: 0.79in } P { margin-bottom: 0.08in } A:link { so-language: zxx } --></style> <p style="margin-bottom: 0in">I’m in New Delhi, for the local <a href="(http://www.owasp.org/index.php/SecurityByte_and_OWASP_Asia_AppSec_Conference_2009">OWASP Conference</a>. There’s a <a href="http://www.owasp.org/index.php/SecurityByte_and_OWASP_Asia_AppSec_Conference_2009#tab=Conference">really nice lineup</a> and if you’re in the New Delhi area I highly recommend attending.</p> <p style="margin-bottom: 0in"> <p style="margin-bottom: 0in">I’ll be speaking twice. On Tuesday about blackbox testing. The abstract can be paraphrased from the immortal words of the great fuzzing master Ice-T:</p> <blockquote> <p style="margin-bottom: 0in">If you’re from Mars, and you have inputs, we will fuzz you.</p> </blockquote> <p style="margin-bottom: 0in">(Look up the <a href="http://www.rhapsody.com/body-count/body-count/kkk-bitch/lyrics.html">original text</a>, I guarantee it’s worth it)</p> <p style="margin-bottom: 0in"> <p style="margin-bottom: 0in">On Wednesday I’ll be talking a bit about breaking JSON applications, relying on the great research done by Amit Klein, Blueinfy, Jeremiah Grossman, Fortify, and many others.</p> <p style="margin-bottom: 0in"> <p style="margin-bottom: 0in">If you spot any errors in either of my presentations let me know and I will buy you a beer. This offer does not include anything stupid I say while on a discussion panel…</p> <p style="margin-bottom: 0in"> <p style="margin-bottom: 0in"> <script type='text/javascript'> <!-- //OBSTART:do_NOT_remove_this_comment var OutbrainPermaLink="http://blogs.securiteam.com/index.php/archives/1332"; if(typeof(OB_Script)!='undefined'){OutbrainStart();} else { var OB_PlugInVer="7.0.0.0_Regular";;var OB_raterMode="stars";var OB_recMode="rec";var OBITm="1330324210";var OB_Script=true;var OB_langJS="";document.write(unescape("%3Cscript src='http://widgets.outbrain.com/OutbrainRater.js' type='text/javascript'%3E%3C/script%3E"));} //OBEND:do_NOT_remove_this_comment //--> </script> <div class="addtoany_share_save_container"><div class="a2a_kit a2a_target addtoany_list" id="wpa2a_1"><a class="a2a_dd addtoany_share_save" href="http://www.addtoany.com/share_save"><img src="http://blogs.securiteam.com/wp-content/plugins/add-to-any/share_save_171_16.png" width="171" height="16" alt="Share"/></a></div> <script type="text/javascript"><!-- wpa2a.script_load(); //--></script> </div> <!-- <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:trackback="http://madskills.com/public/xml/rss/module/trackback/"> <rdf:Description rdf:about="http://blogs.securiteam.com/index.php/archives/1332" dc:identifier="http://blogs.securiteam.com/index.php/archives/1332" dc:title="Fuzzing anything that moves" trackback:ping="http://blogs.securiteam.com/index.php/archives/1332/trackback" /> </rdf:RDF> --> <div class="comments-template"> <div id="disqus_thread"> </div> <script type="text/javascript"> /* <![CDATA[ */ var disqus_url = 'http://blogs.securiteam.com/index.php/archives/1332'; var disqus_identifier = '1332 http://blogs.securiteam.com/index.php/archives/1332'; var disqus_container_id = 'disqus_thread'; var disqus_domain = 'disqus.com'; var disqus_shortname = 'securiteamblogs'; var disqus_title = "Fuzzing anything that moves"; var disqus_config = function () { var config = this; // Access to the config object /* All currently supported events: * preData — fires just before we request for initial data * preInit - fires after we get initial data but before we load any dependencies * onInit - fires when all dependencies are resolved but before dtpl template is rendered * afterRender - fires when template is rendered but before we show it * onReady - everything is done */ config.callbacks.preData.push(function() { // clear out the container (its filled for SEO/legacy purposes) document.getElementById(disqus_container_id).innerHTML = ''; }); config.callbacks.onReady.push(function() { // sync comments in the background so we don't block the page DISQUS.request.get('?cf_action=sync_comments&post_id=1332'); }); }; var facebookXdReceiverPath = 'http://blogs.securiteam.com/wp-content/plugins/disqus-comment-system/xd_receiver.htm'; /* ]]> */ </script> <script type="text/javascript"> /* <![CDATA[ */ var DsqLocal = { 'trackbacks': [ ], 'trackback_url': "http:\/\/blogs.securiteam.com\/index.php\/archives\/1332\/trackback" }; /* ]]> */ </script> <script type="text/javascript"> /* <![CDATA[ */ (function() { var dsq = document.createElement('script'); dsq.type = 'text/javascript'; dsq.async = true; dsq.src = 'http' + '://' + disqus_shortname + '.' + disqus_domain + '/embed.js?pname=wordpress&pver=2.72'; (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq); })(); /* ]]> */ </script> </div> </div> </div> <div class="browse prev"> <div class="prev"> <a href="http://blogs.securiteam.com/index.php/archives/1331" rel="prev">Is this the laziest 419 of all time?</a> </div> <div class="next"> <a href="http://blogs.securiteam.com/index.php/archives/1333" rel="next">Heathrow calling</a> </div> </div> <div class="clear"></div> </div> <div class="sidebar sidebar2"> <ul> <li id="a2a_share_save_widget-3" class="widget widget_a2a_share_save_widget"><div class="a2a_kit a2a_target addtoany_list" id="wpa2a_2"><a class="a2a_dd addtoany_share_save" href="http://www.addtoany.com/share_save"><img src="http://blogs.securiteam.com/wp-content/plugins/add-to-any/share_save_171_16.png" width="171" height="16" alt="Share"/></a></div></li> <li id="text-6" class="widget widget_text"> <div class="textwidget"><BR/><BR/><BR/><BR/><BR/><BR/><BR/></div> </li> <li id="categories-3" class="widget widget_categories"><h2 class="widgettitle">Categories</h2> <select name='cat' id='cat' class='postform' > <option value='-1'>Select Category</option> <option class="level-0" value="11">Apple  (57)</option> <option class="level-0" value="18">Ask the Expert  (26)</option> <option class="level-0" value="41">Book Reviews  (39)</option> <option class="level-0" value="27">Botnets  (72)</option> <option class="level-0" value="12">Cisco  (24)</option> <option class="level-0" value="5">Commentary  (1315)</option> <option class="level-0" value="21">Corporate Security  (366)</option> <option class="level-0" value="10">Culture  (391)</option> <option class="level-0" value="26">DDoS  (40)</option> <option class="level-0" value="17">Digest  (41)</option> <option class="level-0" value="33">Earl  (11)</option> <option class="level-0" value="23">Encryption  (43)</option> <option class="level-0" value="7">Full Disclosure  (212)</option> <option class="level-0" value="25">Funnies  (71)</option> <option class="level-0" value="20">Funny  (92)</option> <option class="level-0" value="30">Fuzzing  (34)</option> <option class="level-0" value="2">Gadgets  (83)</option> <option class="level-0" value="19">Google  (52)</option> <option class="level-0" value="34">Hacked  (13)</option> <option class="level-0" value="31">InSecurity  (17)</option> <option class="level-0" value="22">Insider Threat  (52)</option> <option class="level-0" value="24">Interviews  (10)</option> <option class="level-0" value="9">Law  (83)</option> <option class="level-0" value="4">Linux  (38)</option> <option class="level-0" value="40">malware  (64)</option> <option class="level-0" value="32">Memory Leak  (24)</option> <option class="level-0" value="3">Microsoft  (232)</option> <option class="level-0" value="28">Networking  (110)</option> <option class="level-0" value="38">OPSEC  (91)</option> <option class="level-0" value="14">OT  (199)</option> <option class="level-0" value="16">Phishing  (102)</option> <option class="level-0" value="15">Physical Security  (86)</option> <option class="level-0" value="6">Privacy  (141)</option> <option class="level-0" value="29">Rootkits  (31)</option> <option class="level-0" value="39">Sec Tools  (83)</option> <option class="level-0" value="42">Social Engineering  (49)</option> <option class="level-0" value="8">Spam  (153)</option> <option class="level-0" value="35">The NULL Terminated  (5)</option> <option class="level-0" value="44">Tips & Tricks  (30)</option> <option class="level-0" value="13">Virus  (246)</option> <option class="level-0" value="1">Web  (444)</option> <option class="level-0" value="36">Zoned Out  (4)</option> </select> <script type='text/javascript'> /* <![CDATA[ */ var dropdown = document.getElementById("cat"); function onCatChange() { if ( dropdown.options[dropdown.selectedIndex].value > 0 ) { location.href = "http://blogs.securiteam.com/?cat="+dropdown.options[dropdown.selectedIndex].value; } } dropdown.onchange = onCatChange; /* ]]> */ </script> </li> <li id="text-7" class="widget widget_text"> <div class="textwidget"><BR/> <!-- Place this tag where you want the +1 button to render --> <g:plusone></g:plusone> <!-- Place this render call where appropriate --> <script type="text/javascript"> (function() { var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true; po.src = 'https://apis.google.com/js/plusone.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s); })(); </script></div> </li> </ul> </div> <div class="sidebar"> <a style="font-size: 150%;" href="/index.php/feed/"><img src="http://blogs.securiteam.com/wp-content/themes/securiteam.new/images/rss-icon-48x48.gif" width="24" ALT="Security RSS"> Subscribe</a> <br><br> <ul> <li id="text-4" class="widget widget_text"> <div class="textwidget"><div class="fb-like" data-href="http://blogs.securiteam.com" data-send="true" data-width="400" data-show-faces="true"></div></div> </li> <li id="text-3" class="widget widget_text"> <div class="textwidget"><div id="fb-root"></div> <script>(function(d, s, id) { var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = "//connect.facebook.net/en_US/all.js#xfbml=1"; fjs.parentNode.insertBefore(js, fjs); }(document, 'script', 'facebook-jssdk'));</script></div> </li> <li id="rss-3" class="widget widget_rss"><h2 class="widgettitle"><a class='rsswidget' href='http://www.securiteam.com/securiteam.rss' title='Syndicate this content'><img style='border:0' width='14' height='14' src='http://blogs.securiteam.com/wp-includes/images/rss.png' alt='RSS' /></a> <a class='rsswidget' href='http://www.securiteam.com' title='Welcome to the SecuriTeam RSS Feed - sponsored by Beyond Security. Know Your Vulnerabilities! Visit BeyondSecurity.com for your web site, network and code security audit and scanning needs.'>More Securiteam</a></h2> <ul><li><a class='rsswidget' href='http://www.securiteam.com/securitynews/5EP322KA0A.html' title='Google Chrome Isolated Web Sites suffers from process handling issue vulnerability […]'>Google Chrome Isolated Web Sites Process Handling Issue Vulnerability</a></li><li><a class='rsswidget' href='http://www.securiteam.com/securitynews/5FP332KA0A.html' title='GroundWork Monitor Enterprise Foundation Admin Interface /foundation-webapp/admin/manage-performanceDataLabel.jsp suffers from cross site scripting vulnerability […]'>GroundWork Monitor Enterprise Foundation Admin Interface XSS Vulnerability</a></li><li><a class='rsswidget' href='http://www.securiteam.com/securitynews/5GP342KA0A.html' title='GroundWork Monitor Enterprise Noma Component Multiple suffers from cross site scripting vulnerability […]'>GroundWork Monitor Enterprise Noma Component Multiple XSS Vulnerability</a></li><li><a class='rsswidget' href='http://www.securiteam.com/securitynews/5NP2U2KA1A.html' title='ISC DHCP libdns Unspecified Remote Memory Exhaustion suffers from denial of service vulnerability […]'>ISC DHCP libdns Unspecified Remote Memory Exhaustion DoS Vulnerability</a></li><li><a class='rsswidget' href='http://www.securiteam.com/securitynews/5OP2V2KA1A.html' title='Linux kernel dccp subsystem ccid null pointer dereference local suffers from denial of service vulnerability […]'>Linux Kernel Dccp Subsystem Ccid Null Pointer Dereference Local DoS Vulnerability</a></li><li><a class='rsswidget' href='http://www.securiteam.com/securitynews/5PP2W2KA1A.html' title='MailOrderWorks Dispatch Order Multiple Field suffers from cross-site scripting vulnerability […]'>MailOrderWorks Dispatch Order Multiple Field XSS Vulnerability</a></li><li><a class='rsswidget' href='http://www.securiteam.com/windowsntfocus/5QP2X2KA1A.html' title='Microsoft IE suffers from CMarkupBehaviorContext Use-after-free arbitrary code execution vulnerability […]'>Microsoft IE CMarkupBehaviorContext Use-After-Free Arbitrary Code Execution Vulnerability</a></li><li><a class='rsswidget' href='http://www.securiteam.com/windowsntfocus/5RP2Y2KA1A.html' title='Microsoft IE saveHistory Onload Event Handler Event Handling Use-after-free suffers from arbitrary code execution vulnerability […]'>Microsoft IE SaveHistory Onload Event Handling Use-After-Free Arbitrary Code Execution Vulnerability</a></li><li><a class='rsswidget' href='http://www.securiteam.com/windowsntfocus/5DP302KA1A.html' title='Microsoft Windows suffers from USB driver memory object handling local privilege escalation (2013-1287) vulnerability […]'>Microsoft Windows USB Driver Memory Object Handling Local Privilege (2013-1287) Vulnerability</a></li><li><a class='rsswidget' href='http://www.securiteam.com/securitynews/5EP312KA1A.html' title='Nitro Pro PDF File Handling suffers from denial of service vulnerability. […]'>Nitro Pro PDF File Handling DoS Vulnerability</a></li></ul></li> <li id="recent-posts-3" class="widget widget_recent_entries"> <h2 class="widgettitle">New</h2> <ul> <li><a href="http://blogs.securiteam.com/index.php/archives/2116" title="REVIEW: “Security and Privacy for Microsoft Office 2010 Users”, Mitch Tulloch">REVIEW: “Security and Privacy for Microsoft Office 2010 Users”, Mitch Tulloch</a></li> <li><a href="http://blogs.securiteam.com/index.php/archives/2112" title="Fake security can hurt you …">Fake security can hurt you …</a></li> <li><a href="http://blogs.securiteam.com/index.php/archives/2107" title="Why BC holds the record for “World’s Weirdest Politicians”">Why BC holds the record for “World’s Weirdest Politicians”</a></li> <li><a href="http://blogs.securiteam.com/index.php/archives/2104" title="REVIEW: “World War Hack”, Ethan Bull/Tsubasa Yozora">REVIEW: “World War Hack”, Ethan Bull/Tsubasa Yozora</a></li> <li><a href="http://blogs.securiteam.com/index.php/archives/2100" title="Password reset questions">Password reset questions</a></li> </ul> </li> <li id="recent-comments-3" class="widget widget_recent_comments"><h2 class="widgettitle">Comments</h2> <ul id="recentcomments"><li class="recentcomments">Marvel on <a href="http://blogs.securiteam.com/index.php/archives/382#comment-740742">“Rootkit” revamped?</a></li><li class="recentcomments">casusanima on <a href="http://blogs.securiteam.com/index.php/archives/1758#comment-740627">Using Skype Manager? no? Expect incoming fraud</a></li><li class="recentcomments">casusanima on <a href="http://blogs.securiteam.com/index.php/archives/1758#comment-740626">Using Skype Manager? no? Expect incoming fraud</a></li><li class="recentcomments"><a href='http://www.host-it.ie/services/email-filtering/' rel='external nofollow' class='url'>spam filtering</a> on <a href="http://blogs.securiteam.com/index.php/archives/1841#comment-740625">SMS Apple (malware) spam on Bell Mobility (Canada)</a></li><li class="recentcomments"><a href='http://www.facebook.com/aviramj' rel='external nofollow' class='url'>Aviram Jenik</a> on <a href="http://blogs.securiteam.com/index.php/archives/2100#comment-740624">Password reset questions</a></li></ul></li> <li id="text-5" class="widget widget_text"><h2 class="widgettitle">Admin</h2> <div class="textwidget"><a href="http://blogs.securiteam.com/wp-admin/">Login</a></div> </li> </ul> </div> <div class="clear"></div> <div id="footer"> <p><a href="http://blogs.securiteam.com" title="SecuriTeam Blogs home page">SecuriTeam Blogs</a> is powered by Word Press.</p> </div> </div><!-- end page --> </div> <script type="text/javascript"><!-- wpa2a.targets=[ {title:'Fuzzing anything that moves',url:'http://blogs.securiteam.com/index.php/archives/1332'}, {title:document.title,url:location.href}]; wpa2a.html_done=true;if(wpa2a.script_ready&&!wpa2a.done)wpa2a.init();wpa2a.script_load(); //--></script> <script type="text/javascript"> var _gaq = _gaq || []; _gaq.push(['_setAccount', 'UA-29522810-1']); _gaq.push(['_setDomainName', 'securiteam.com']); _gaq.push(['_trackPageview']); (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })(); </script> </body> </html>