[Question] Fuzzing Rules to Generate Data Randomly

[kwans...@gmail.com]

Dear Anyone,

I'd like to use boofuzz to my application and got through the FTP example to understand how boofuzz works.

A question popped up in my head which how boofuzz generates fuzz data.

It means how to "session.fuzz()" method generates fuzz data randomly.

If there are rules to generate fuzz data, please share the reference material.

if you need more information, do not hesitate to ask.

Thanks in advance.

Sincerely,

Kwansik

[xiny...@gmail.com]

I'm also interested in rules of generating data.

在 2019年5月14日星期二 UTC-4下午8:53:45，kwans...@gmail.com写道：

[Kwansik Kim]

Attached the response from Joshua.

Kwansik,

 

Each fuzz primitive (or “block”) has its own rules for generating fuzz data, and custom blocks can also be defined. Most of the built in primitives are deterministic. The string primitive has a list of bad strings and IIRC also mutates the default value. The numeric primitives have their own strategy that emphasizes edge values.

 

If you want to dive in more, I highly recommend checking out the code itself. You should be able to find the relevant code fairly easily.

 

Hope that helps.

 

 

Joshua

2019년 7월 12일 금요일 오전 4시 44분 40초 UTC+9, xiny...@gmail.com 님의 말: