Description: Sfuzz is a simple fuzzer which can be used for quick and dirty fuzzing experiments, where ones does not need a very advanced functionality or flexibility, like in the SPIKE fuzzer. Though, Sfuzz is in no way a replacement for SPIKE, once can very quickly hack together simple fuzzing tests using it. In this video, we will look at a demo of how to get started with Sfuzz. We will do 2 demonstrations - the first we will use one of the sample configuration scripts which come with Sfuzz for HTTP fuzzing, the second will be a demo of how one can find a remote buffer overflow using a fuzzing attack.<br><br>Architecturally, fuzzers generally consist of 2 different parts - the "fuzzed" payload generator and the payload transporter (over a network or to stdout). Sfuzz's payload generator is very simple with low configurability and the payload transporter allows for delivery over TCP/UDP/Stdout. Overall, its a nifty little tool and definitely recommended for newbies to the world of fuzzing and for doing simple fuzzing tasks.<br><br>You can download the tool here and visit the author Aaron Conole's website here.<br><br>
Tags: tools ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.