ST

Description: Sfuzz is a simple fuzzer which can be used for quick and dirty fuzzing experiments, where ones does not need a very advanced functionality or flexibility, like in the SPIKE fuzzer. Though, Sfuzz is in no way a replacement for SPIKE, once can very quickly hack together simple fuzzing tests using it. In this video, we will look at a demo of how to get started with Sfuzz. We will do 2 demonstrations - the first we will use one of the sample configuration scripts which come with Sfuzz for HTTP fuzzing, the second will be a demo of how one can find a remote buffer overflow using a fuzzing attack.

Architecturally, fuzzers generally consist of 2 different parts - the "fuzzed" payload generator and the payload transporter (over a network or to stdout). Sfuzz's payload generator is very simple with low configurability  and the payload transporter allows for delivery over TCP/UDP/Stdout. Overall, its a nifty little tool and definitely recommended for newbies to the world of fuzzing and for doing simple fuzzing tasks.

You can download the tool here and visit the author Aaron Conole's website here.

Tags: tools ,