GNU/Linux ◆ xterm-256color ◆ zsh 3525 views

https://github.com/nccgroup/fuzzowski

This demo shows how to use fuzzowski to make an extremely simple fuzzer to test the method and the path of an HTTP Request, directly defining the request and insertion points (mutants) in the command line.

python -m fuzzowski -p tcp 127.0.0.1 31337 \
     --restart run "./restart_server.sh" \
     -f raw -r '{{GET}} {{/}} HTTP/1.0\r\n\r\n'

It then shows:

  • How movements inside the session works, going to test case numbers or to the mutants by their names, (goto 50, goto request1.string2, skip)
  • Use of the print, poc and crash commands
  • Use commands to run tests, such as continue, next and fuzz
  • How a suspect is found and how the test case is added automatically to suspects