Fuzzing

Brain dumps on fuzzing, the book and security in general.

Sulley Fuzzing Framework Release

Success… Caesars hotel connection failed me, but the Hard Rock pulled through. Here are the goods as promised:

Please note that we still have a number of open bug tickets. Submit bugs to me directly and I’ll add them to our internal Trac project.

14 Comments so far

  1. meier August 4th, 2007 4:21 pm

    hmm

    thx a lot.
    Is Sulley better than Peach? Which one should I use?

  2. pamini August 6th, 2007 10:22 am

    I don’t think you can classify one as “better” than another. If you want to fuzz COM, for example, Peach is the way to go. Take a look at both and see what suits your needs.

    I personally think Sulley is easier to use and bundles more functionality for network protocol fuzzing, but your mileage may vary.

  3. multi August 6th, 2007 1:10 pm

    Hello,

    Thanks for the tool! For network fuzzing Sulley is quite a bit better, not as “complicated” as Peach.

    I have a question regarding multiprotocol fuzzing as a built-in mechanism. Is that possible? I think this could be a nice feature in your next release.

    Something like:

    GET HTTP/1.0
    Accept-Encoding:

    with some mutations….

  4. no August 6th, 2007 7:07 pm

    I think there’s a bug in your installer: if you change the install path, a bunch of stuff (the Python installers etc.) breaks on install.

    Also, when will you move to Python 2.5???

  5. g August 7th, 2007 8:25 am

    Once again, Don Amini hits a home run.

  6. […] Sulley is a fuzzer development and fuzz testing framework consisting of multiple extensible components. Sulley (IMHO) exceeds the capabilities of most previously published fuzzing technologies, commercial and public domain. The goal of the framework is to simplify not only data representation but to simplify data transmission and target monitoring as well. Sulley is affectionately named after the creature from Monsters Inc., because, well, he is fuzzy. […]

  7. aportnoy August 7th, 2007 11:57 am

    @no:
    The installer is currently … ‘beta’ ;)

    We’re going to upload a tarball of the Sulley source so that you don’t need the installer.

    Should be up by the end of the day today.

    In the meantime, feel free to shoot any bug reports directly to my e-mail rather than posting as comments: aportnoy [at] fuzzing.org

    Thanks!

  8. emf August 13th, 2007 10:10 am

    “We’re going to upload a tarball of the Sulley source […] Should be up by the end of the day today.”

    Still waiting. ;-)

  9. aportnoy August 13th, 2007 2:01 pm

    @emf:
    Sorry ’bout the delay. Posted new code a minute ago.

  10. Dark Reading News Analysis February 1st, 2008 1:29 pm

    Tech Insight: The Buzz Around Fuzzing…

  11. Fuzzers - A list April 10th, 2008 6:45 am

    […] Sulley, last change: 2007-08-02, author: Pedram Amini and Aaron Portnoy […]

  12. new2fuzzing July 7th, 2008 10:06 am

    I’m trying to test a web application that begins with an HTTP request, then redirects to HTTPS. Is there a fuzzer besides Webscarab that can handle SSL over HTTP? Or can I use Spike or Sulley to somehow handle the HTTPS connection?

  13. Rajat Swarup August 1st, 2008 2:02 am

    @new2fuzzing:
    You could use an SSL proxy and direct your fuzzer to the localhost:port_number on which SSLProxy listens and redirect the other end of the tunnel to the HTTPS server.
    HTH,
    Rajat.

  14. zhangshuqin May 7th, 2009 8:55 pm

    I’m trying to fuzz warftp 1.65, but it shows “failed to connecting to 192.168.1.105:21”. I can use the FTP server;
    do there exist some assignment problems?
