undefined | Better HN

0 pointsyeukhon12y ago0 comments

Not entirely true.

Fuzzing is not about modifying data. I don't think that's the right way to describe fuzzing.

It's about testing the durability of a program by trying all kinds of data, as greedy as possible. This includes known problematic inputs and random inputs to match some expectations. By random it can either be totally random (any length, any pattern) or protocol-aware.

Random clicking is a form of random data testing because you are trying random input stream to a program. Your argument is not entirely wrong either. By fuzzing his UI he may trigger the browser to crash. He may trigger his monkey to crash. Fuzzing is a very general technique. I can write a fuzzer that fuzz Firefox's UI Australis. What will I look for? Maybe after opening 100 tabs and closing the 45th tab the titlebar disappeared. Or resize the browser from range s to range w I will find some range will cause the UI to look ugly (style overflow, etc). Or after clicking on the scrollbar several times consecutively the browser crashed.

Barton Miller, the "Father of Fuzzing" did UI fuzzing by simulating actual keystrokes and mouse clicks. See ftp://ftp.cs.wisc.edu/paradyn/technical_papers/fuzz-nt.pdf

In his Forwards page, he even mentioned "Monkey" http://pages.cs.wisc.edu/~bart/fuzz/Foreword1.html

0 comments

Mutjake12y ago

One nice way of describing fuzzing is that it is running a search problem (searching for bugs) using more or less guided Monte Carlo method for the program's input space. Generally the testing should also be automated (test case injection and testing oracle), so that one can beat the program with enough test cases for the fuzzing to be viable.

Relating to the practical example: if one is trying to find bugs from the UI code (or it is the only way to feed inputs to the program), monkey method of fuzzing is the way to go. But if one tries to test the deeper layers of the program, it is beneficial to try to find the lowest layer of inputs we can access, since it enables faster input of test cases and thus makes the fuzzing more effective.

One way of the other, my opinion is that both are fuzzing, by the definition I gave for it :-)

yeukhonOP12y ago

I like the way you treat fuzzing as search program.

Mutjake12y ago

It's a nice way of summing up the general principle. Unfortunately I can't take the credit for coming up with that one :-)

j / k navigate · click thread line to collapse

0 pointsyeukhon12y ago0 comments

Not entirely true.

Fuzzing is not about modifying data. I don't think that's the right way to describe fuzzing.

Barton Miller, the "Father of Fuzzing" did UI fuzzing by simulating actual keystrokes and mouse clicks. See ftp://ftp.cs.wisc.edu/paradyn/technical_papers/fuzz-nt.pdf

In his Forwards page, he even mentioned "Monkey" http://pages.cs.wisc.edu/~bart/fuzz/Foreword1.html

0 comments

Mutjake12y ago

One way of the other, my opinion is that both are fuzzing, by the definition I gave for it :-)

yeukhonOP12y ago

I like the way you treat fuzzing as search program.

Mutjake12y ago

It's a nice way of summing up the general principle. Unfortunately I can't take the credit for coming up with that one :-)

j / k navigate · click thread line to collapse