Add to collection(s) Add to saved
  1. Social Science
  2. Political Science
  3. Media

Smash File Fuzzer

Smash
File
Fuzzer
Presented
at
OWASP
AppSec
Research
2010
By
Komal
Randive,
Symantec
CorporaBon
23
June
2010
IntroducBon
•  Symantec
Product
Security
Group
•  Safe
Code
www.safecode.org
2
Agenda
1
Why File Fuzzing ?
2
Smash File Fuzzer
3
File Categories
4
Fuzzing with greater control
5
Demo
6
Future of Smash File Fuzzer
3
Why
File
Fuzzing?
Network Ports
Environment Variables
User Input
Output
Files
4
Why
File
Fuzzing?
Presenta9on
Iden9fier
Goes
Here
5
Yet
Another
File
Fuzzer
?
•  Controlled
fuzzing
–
guarantee
file
acceptance
by
applica9on
•  Par9al
file
format
specifica9on
•  Fuzzing
Compound
files
•  Coverage
and
compliance
6
Smash
File
Fuzzer
Sample input file
Fuzzing Configuration
File format Specification
Fuzzing Dictionary
Fuzzed Files
7
Inputs
for
Smash
File
Fuzzer
• File
format
specifica9on
– Custom
Descrip9on
language
– Field
length,
offset,
field
hierarchy,
field
sequence
• Fuzzing
Configura9on
– What
to
fuzz
?
– How
to
fuzz?
<field
name>
<occurrences
to
be
fuzzed>
<aLack
type>
<length
update>
• Fuzzing
Dic9onary
– ALack
specific
fuzz
input
strings
– Applica9on
specific
data
8
File
Categories
•  Standard
file
formats
– 
– 
– 
– 
Format
specifica9ons
are
precise
Contains
magic
strings
Hierarchy
of
subfields
ASCII
and
binary
data
–  E.g.
.rP
,
.wav
,
.png
etc.
•  Applica9on
specific
configura9on
files
– 
– 
– 
– 
Custom
defined
and
weak
format
specifica9ons
Delimiters
as
magic
strings
Rela9vely
flat
subfield
hierarchy
Mostly
ASCII
data
–  E.g.
.cnf
,
.xml,
.conf
,
.csv
etc
•  Data
files
–  Format
specifica9on
is
very
precise
–  Contains
no
magic
strings
–  Binary
data
–  E.g.
.dat
9
Fuzzing
with
greater
control
•  File
fuzzing
with
par9al
file
format
descrip9on
•  Targeted
aLack
specific
fuzzing
–  Buffer
overflow,
format
string
aLack,
directory
traversal,
SQL
injec9on
etc.
•  Higher
control
over
the
fuzzing
–  Fields
to
be
fuzzed
–  Occurrences
to
be
fuzzed
–  Applica9on
specific
data
–  Mul9ple
field
fuzzing
–  Number
of
fuzzed
files
to
be
generated
–  Length
update
op9on
10
Demo
11
CVE-2008-2430 - Integer overflow in VLC Media Player
via a large fmt-chunksize value in a WAV file.
Presenta9on
Iden9fier
Goes
Here
12
Future
of
Smash
File
Fuzzer
•  Build
a
library
of
file
format
specifica9ons
•  Detailed
correla9on
among
fields
in
file
format
13
Thank
you!
Komal
Randive
Komal_randive@symantec.com
Copyright
©
2010
Symantec
CorporaBon.
All
rights
reserved.
Symantec
and
the
Symantec
Logo
are
trademarks
or
registered
trademarks
of
Symantec
Corpora9on
or
its
affiliates
in
the
U.S.
and
other
countries.
Other
names
may
be
trademarks
of
their
respec9ve
owners.
This
document
is
provided
for
informa9onal
purposes
only
and
is
not
intended
as
adver9sing.
All
warran9es
rela9ng
to
the
informa9on
in
this
document,
either
express
or
implied,
are
disclaimed
to
the
maximum
extent
allowed
by
law.
The
informa9on
in
this
document
is
subject
to
change
without
no9ce.
14

Related documents
Fuzzing Web Applications and Services
Fuzzing Web Applications and Services
Fuzzable
Fuzzable
Separating computation and storage with storage virtualization Speaker : Meng-Shun Su
Separating computation and storage with storage virtualization Speaker : Meng-Shun Su
PowerPoint 簡報
PowerPoint 簡報
Godel`s Gourd
Godel`s Gourd
Improving Mac OS X Security Through Gray Box Fuzzing Technique
Improving Mac OS X Security Through Gray Box Fuzzing Technique
Driller: Augmenting Fuzzing Through Selective
Driller: Augmenting Fuzzing Through Selective
Download