LAB 4: Fuzzing
FUZZING
Fuzzing is an automated software testing method that injects invalid, malformed, or unexpected
inputs into a system to reveal software defects and vulnerabilities. A fuzzing tool injects these
inputs into the system and then monitors for exceptions such as crashes or information leakage.
Fuzz testing offers a wide range of benefits to a security and quality program.
- Fuzzing provides a good overall picture of the quality of the target system and software.
- Fuzzing is the primary technique used by malicious hackers to find software vulnerabilities. Using it in your security program helps you prevent zero-day exploits from unknown bugs and weaknesses in your system.
- Fuzzing has a low overhead for both cost and time. Once a fuzzer is up and running, it can start to look for bugs on its own, with no manual/human intervention, and can continue to do so for as long as needed.
- Fuzzing helps uncover bugs that would not have been detected through conventional testing methods or manual audits.
1. Application Fuzzing: This fuzzing method tests UI features such as buttons, input fields
in forms, or options in command-line programs. It can similarly be used to test API
commands.
2. Protocol Fuzzing: Protocols such as Hypertext Transfer Protocol (HTTP) are used to
exchange data over the web. Protocol fuzzing is used to test the behavior of a server
when bad content is sent over a given protocol.
3. File Format Fuzzing: File format fuzzing creates a corrupted file and presents it to the
target software for processing. This is relevant both for installed software and web
applications that accept files as input. Files are usually in standard formats,
such as .jpg, .docx or .xml.
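File format fuzzing as described in item 3, shown as an added example that is not part of the original lab handout: a small mutation fuzzer corrupts a seed file and watches a parser for unexpected exceptions. The `REC1` format, the `parse` target and its missing bounds check are all constructed for illustration.

```python
import random

# Constructed sample file: magic, record count (2), then length-prefixed records.
SEED = b"REC1" + bytes([2]) + bytes([3]) + b"abc" + bytes([2]) + b"hi"

def parse(data: bytes) -> list:
    """Toy target (hypothetical format): returns the list of record payloads."""
    if data[:4] != b"REC1":
        raise ValueError("bad magic")        # clean rejection, not a defect
    count, pos, records = data[4], 5, []
    for _ in range(count):
        length = data[pos]                   # planted defect: no bounds check
        records.append(data[pos + 1 : pos + 1 + length])
        pos += 1 + length
    return records

def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Corrupt the seed with one of three simple mutations."""
    buf = bytearray(seed)
    choice = rng.randrange(3)
    if choice == 0:                          # flip a single bit
        i = rng.randrange(len(buf))
        buf[i] ^= 1 << rng.randrange(8)
    elif choice == 1:                        # overwrite a byte with a boundary value
        buf[rng.randrange(len(buf))] = rng.choice([0x00, 0x7F, 0x80, 0xFF])
    else:                                    # truncate the file
        del buf[rng.randrange(1, len(buf)):]
    return bytes(buf)

def fuzz(iterations: int = 500, rng_seed: int = 1):
    """Feed mutated files to the target; keep one reproducer per crash type."""
    rng = random.Random(rng_seed)            # fixed seed makes the run repeatable
    crashes, rejected = {}, 0
    for _ in range(iterations):
        case = mutate(SEED, rng)
        try:
            parse(case)
        except ValueError:
            rejected += 1                    # the parser handled the bad input
        except Exception as exc:             # anything else is a finding
            crashes.setdefault(type(exc).__name__, case)
    return crashes, rejected

if __name__ == "__main__":
    found, rejected = fuzz()
    print(f"cleanly rejected: {rejected}")
    for name, case in found.items():
        print(f"{name} reproduced by {case!r}")
```

Each saved reproducer is the input to hand to the developer; once `parse` validates `pos` and `length` against `len(data)`, the same run should report only clean rejections.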
sfuzz
wfuzz
ffuf
VAF
Installation:
An unlinked resource or webpage is anything that is not accessible from the viewable webpage.
Installation