06 - How to maybe not be so bad at fuzzing, Part 2
06 - Back to the Fuzzing, Part 2

This post focuses on actual usage of different fuzzers, unlike part one, which talked about fuzzing from a higher level. I'll use the widely available vulnserver.exe as a target application for a bunch of examples, as there are a ton of posts out there that go over exploiting it. I will also briefly talk about some typical fuzzing use cases, such as HTTP requests, and how we may employ a fuzzer to assist in testing. I'm not going to turn our crashes into exploits; that's outside the scope of this post. I'll just take a more in-depth look at the available tools to expedite the process of locating bugs.

Here's the agenda for tool usage:

- Python Sockets
- SPIKE
- boofuzz

In part one I'll talk about some common ways to implement Python sockets, such as raw sockets for a normal client / server model, fuzzing HTTP requests, and maybe a bit more if I don't get lazy half-way. In part two I will apply