zzuf is a transparent application input fuzzer. Its purpose is to find bugs in applications by corrupting their user-contributed data (which more often than not comes from untrusted sources on the Internet). It works by intercepting file and network operations and changing random bits in the program’s input. zzuf’s behaviour is deterministic, making it easier to reproduce bugs. Its main areas of use are:
zzuf’s primary target is media players, image viewers and web browsers, because the data they process is inherently insecure, but it was also successfully used to find bugs in system utilities such as objdump.
zzuf is not rocket science: the idea of fuzzing input data is hardly new, but zzuf’s main purpose is to make things easier and automated.
The zzuf tutorial is a hands-on guide to the most important zzuf features. It starts with the working principles and goes on to very advanced uses of the tool.
Warning: this tutorial requires zzuf version 0.11 or later.
The zzuf software consists of two parts:
Here is the global workflow when zzuf fuzzes a process:
zzuf reads options from the command line.
zzuf writes fuzzing information to the environment.
zzuf preloads libzzuf into the called process and executes it.
libzzuf reads fuzzing information from the environment.
libzzuf diverts standard function calls with its own ones.
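The workflow above is easiest to picture as a wrapper around read() that flips bits before the program ever sees them. The following Python model is an added illustration, not zzuf's own code or algorithm: it keeps the two properties the text stresses, namely that the corruption is driven by a seed (so a crash can be reproduced from the same seed and ratio) and that it is applied at the interception point rather than to the file on disk. The seeding scheme, the FuzzedReader class and the sample input are all constructed for this example.

```python
import io
import random


def fuzz_bytes(data: bytes, seed: int, ratio: float, offset: int = 0) -> bytes:
    """Return `data` with roughly `ratio` of its bits flipped.

    Simplified model of zzuf's corruption step (not zzuf's own algorithm):
    each bit is flipped with probability `ratio`, driven by a PRNG seeded
    from (seed, absolute byte position). The result therefore depends only
    on the seed, the ratio and where the bytes sit in the stream, never on
    how the program under test happened to chunk its reads.
    """
    out = bytearray(data)
    for i in range(len(out)):
        rng = random.Random((seed << 32) | (offset + i))
        mask = 0
        for bit in range(8):
            if rng.random() < ratio:
                mask |= 1 << bit
        out[i] ^= mask
    return bytes(out)


class FuzzedReader:
    """Wrap a binary file-like object so that read() returns corrupted bytes.

    Plays the role of libzzuf diverting a process's read() calls: the
    program sees fuzzed data while the underlying file is left untouched.
    """

    def __init__(self, fileobj, seed: int, ratio: float):
        self._f = fileobj
        self._seed = seed
        self._ratio = ratio
        self._pos = 0  # absolute stream offset of the next byte returned

    def read(self, n: int = -1) -> bytes:
        chunk = self._f.read(n)
        fuzzed = fuzz_bytes(chunk, self._seed, self._ratio, self._pos)
        self._pos += len(chunk)
        return fuzzed


def fuzz_in_chunks(data: bytes, seed: int, ratio: float, sizes) -> bytes:
    """Read `data` through a FuzzedReader using the given chunk sizes, then the rest."""
    reader = FuzzedReader(io.BytesIO(data), seed, ratio)
    return b"".join(reader.read(n) for n in sizes) + reader.read()


def count_flipped_bits(original: bytes, fuzzed: bytes) -> int:
    """Hamming distance between the clean and the corrupted stream."""
    return sum(bin(a ^ b).count("1") for a, b in zip(original, fuzzed))
```

Running `fuzz_in_chunks(sample, 42, 0.01, [16])` twice on a constructed input returns identical output, which is exactly what lets a crash found at one seed be replayed later.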