
Fuzzing: brute force vulnerability discovery. - Includes index (PDF)

574 Pages·2007·8.783 MB·English

Preview: Fuzzing: brute force vulnerability discovery. - Includes index

Fuzzing: Brute Force Vulnerability Discovery
Michael Sutton, Adam Greene, Pedram Amini

Upper Saddle River, NJ • Boston • Indianapolis • San Francisco • New York • Toronto • Montreal • London • Munich • Paris • Madrid • Cape Town • Sydney • Tokyo • Singapore • Mexico City

Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and the publisher was aware of a trademark claim, the designations have been printed with initial capital letters or in all capitals.

The author and publisher have taken care in the preparation of this book but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for incidental or consequential damages in connection with or arising out of the use of the information or programs contained herein.

The publisher offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales, which may include electronic versions and/or custom covers and content particular to your business, training goals, marketing focus, and branding interests. For more information, please contact:
U.S. Corporate and Government Sales, 800-382-3419, [email protected]
For sales outside the United States, please contact: International Sales, [email protected]

This Book Is Safari Enabled
The Safari® Enabled icon on the cover of your favorite technology book means the book is available through Safari Bookshelf. When you buy this book, you get free access to the online edition for 45 days. Safari Bookshelf is an electronic reference library that lets you easily search thousands of technical books, find code samples, download chapters, and access technical information whenever and wherever you need it.
To gain 45-day Safari Enabled access to this book:
• Go to http://www.awprofessional.com/safarienabled
• Complete the brief registration form
• Enter the coupon code JZCU-T1UD-VDQ7-SRD7-WZ1E
If you have difficulty registering on Safari Bookshelf or accessing the online edition, please e-mail [email protected].
Visit us on the Web: www.awprofessional.com

Library of Congress Cataloging-in-Publication Data:
Sutton, Michael, 1973–
Fuzzing : brute force vulnerability discovery / Michael Sutton, Adam Greene, Pedram Amini. -- 1st ed.
p. cm.
Includes index.
ISBN 0-321-44611-9 (pbk. : alk. paper)
1. Computer security. 2. Computer networks--Security measures. 3. Computer software--Development. I. Greene, Adam, 1983– II. Amini, Pedram. III. Title.
QA76.9.A25S89 2007
005.8--dc22
2007011463

Copyright © 2007 Pearson Education, Inc. All rights reserved. Printed in the United States of America. This publication is protected by copyright, and permission must be obtained from the publisher prior to any prohibited reproduction, storage in a retrieval system, or transmission in any form or by any means, electronic, mechanical, photocopying, recording, or likewise. For information regarding permissions, write to:
Pearson Education, Inc.
Rights and Contracts Department
One Lake Street
Upper Saddle River, NJ 07458
Fax: (201) 236-3290

ISBN 0-32-144611-9
Text printed in the United States on recycled paper at R.R. Donnelley, Crawfordsville, Indiana.
First printing, June 2007

Dedications

This book is dedicated to the two most important women in my life. Mom, without your many sacrifices, nothing would have been possible. This book is only one small example. Amanda, your unwavering love and support inspire me to achieve each and every day. I am truly a fortunate man to be married to such an amazing woman.
—Michael Sutton

This work is dedicated to my family and friends. Thank you all for your support and patience.
—Adam Greene

I dedicate this book to George W. Bush, my Commander-in-Chief, whose impressive career advancement despite remedial language skills inspired me to believe that I was capable of authoring a book.
—Pedram Amini

Contents

Foreword xix
Preface xxi
Acknowledgments xxv
About the Author xxvii

PART I BACKGROUND 1

Chapter 1 Vulnerability Discovery Methodologies 3
  White Box Testing 4
    Source Code Review 4
    Tools and Automation 6
    Pros and Cons 9
  Black Box Testing 9
    Manual Testing 10
    Automated Testing or Fuzzing 12
    Pros and Cons 13
  Gray Box Testing 14
    Binary Auditing 14
    Automated Binary Auditing 17
    Pros and Cons 18
  Summary 19

Chapter 2 What Is Fuzzing? 21
  Definition of Fuzzing 21
  History of Fuzzing 22
  Fuzzing Phases 27
  Fuzzing Limitations and Expectations 29
    Access Control Flaws 29
    Poor Design Logic 30
    Backdoors 30
    Memory Corruption 31
    Multistage Vulnerabilities 32
  Summary 32

Chapter 3 Fuzzing Methods and Fuzzer Types 33
  Fuzzing Methods 33
    Pregenerated Test Cases 34
    Random 34
    Manual Protocol Mutation Testing 35
    Mutation or Brute Force Testing 36
    Automatic Protocol Generation Testing 36
  Fuzzer Types 36
    Local Fuzzers 37
    Remote Fuzzers 39
    In-Memory Fuzzers 42
    Fuzzer Frameworks 43
  Summary 44

Chapter 4 Data Representation and Analysis 45
  What Are Protocols? 45
  Protocol Fields 46
  Plain Text Protocols 48
  Binary Protocols 49
  Network Protocols 53
  File Formats 54
  Common Protocol Elements 57
    Name–Value Pairs 57
    Block Identifiers 58
    Block Sizes 58
    Checksums 58
  Summary 59

Chapter 5 Requirements for Effective Fuzzing 61
  Reproducibility and Documentation 62
  Reusability 62
  Process State and Process Depth 64
  Tracking, Code Coverage, and Metrics 66
  Error Detection 67
  Resource Constraints 69
  Summary 69

PART II TARGETS AND AUTOMATION 71

Chapter 6 Automation and Data Generation 73
  Value of Automation 73
  Helpful Tools and Libraries 74
    Ethereal/Wireshark 75
    libdasm and libdisasm 75
    Libnet/LibnetNT 76
    LibPCAP 76
    Metro Packet Library 76
    PTrace 76
    Python Extensions 77
  Programming Language Choice 77
  Data Generation and Fuzz Heuristics 78
    Integer Values 79
    String Repetitions 82
    Field Delimiters 83
    Format Strings 85
    Character Translation 85
    Directory Traversal 86
    Command Injection 87
  Summary 87

Chapter 7 Environment Variable and Argument Fuzzing 89
  Introduction to Local Fuzzing 89
    Command-Line Arguments 89
    Environment Variables 90
  Local Fuzzing Principles 92
  Finding Targets 93
  UNIX File Permissions Explained 95
