英文资料：Fuzzing.pdfVIP

In Memory Fuzzing Real Time Input Tracing and In Memory Fuzzing by sinn3r – /_sinn3r 201 Introduction In memory fuzzing is a technique that allows the analyst to bypass parsers; network-related limitations such as max connections, buit-in IDS or flooding protection; encrypted or unknown (poorly documented) protocol in order to fuzz the actual underlying assembly routines that are potentially vulnerable. This concept will be explained more in the InMemoryFuzzer.py section, but if youre really interested in it, Fuzzing: Brute Force Vulnerability Discovery by Pedram Amini is a great book to read. Prior to the development of my fuzzing toolset, I was unsatisfied (for now) with all the publicly available in memory fuzzers, because most of them are just too basic and require too much prep time in advance – flow analysis, reverse code engineering, etc – which obviously has a high learning curve and time consuming tasks, and most people would rather just stick with traditional fuzzers (which usually can accomplish the exact same thing). Yes, you DO need some reversing skills to make in memory fuzzing useful, but honestly it doesnt really have to be that difficult to start fuzzing and find bugs... as long as you have the right approach. One of the approaches we do here is by tracing user input automatically at real time, and log all the important functions that process that input, and then fuzz them. A proof of concept (Tracer.py and InMemoryFuzzer.py) is also available to download which can be found here: http://redmine.corelan.be:88 /projects/inmemoryfuzzing A video demonstration is also available here that shows how to use in memory fuzzing: /watch?v=YhyFuAfD7C4 Special thanks to: • Peter Van Eeckhoutte, and members of Corelan Security • Offensive Security Exploit Database • dookie2 ca for all the feedback Requirements/Setup: In