The File Format Fuzzing Framework (4f)

4f is a file format fuzzing framework. 4f uses modules which are specifications of the targetted binary or text file format that tell it how to fuzz the target application. If 4f detects a crash, it will log crucial information important for allowing the 4f user to reproduce the problem and also debugging information important to deciding the severity of the bug and its exploitability.

This tool will be made available on the 9/9/2009 at the following URL: http://www.krakowlabs.com/dev/fuz/4f/4f.tar.gz . Thanks to Jeremy Brown (0xjbrown41 [] gmail.com), the author of 4f for submitting this teaser video to SecurityTube. You can visit his site and have a look at his other interesting tools. We've already covered the Hzzp fuzzer he created in a previous video.

Tags: 4f, fuzzing, fuzzed, fuzz, fuzzer, file format fuzzing

 

Vivek Ramachandran is a security evangelist and has been working in computer security related fields for the past 7 years. In 2007, Vivek spoke at world renowned conferences Defcon (WEP Cloaking Exposed) and Toorcon (The Caffe Latte Attack). The discovery of the Caffe Latte Attack was covered by CBS5 news, BBC online, Network World etc news agencies.In 2006, Vivek was announced as one of winners of the Microsoft Security Shootout contest held in India among 65,000 participants. He has also been a recipient of a Team Achievement at Cisco Systems for his work on 802.1x and Port Security modules on the Catalyst 6500 switches. Currently he spends all of his time maintaining Security- Freak.Net , SecurityTube.Net and is the co-founder of Axonize. Vivek, is a Bachelor in Electronics and Communications Engineering from the prestigious Indian Institute of Technology, Guwahati.You can contact him at vivek[at]securitytube.net