I was reading this article (How I nearly almost saved the Internet, starring afl-fuzz and dnsmasq » SkullSecurity) [1] (link via Hacker News [2]) about fuzz testing [3] a DNS (Domain Name Service) server and when I saw that the problematic packets that caused the program to crash could be downloaded [4], I figured I would give them a try against my own DNS parsing code [5].
My code did not crash, which is what I expected given that some of the tests I did included throwing random data. But I might have to install afl-fuzz (American fuzzy lop) [6] and play around with it. I'd really love to throw afl-fuzz at the Protocol Stack From Hell™ [7], and while it would be cathartic, in a way, that's like shooting already dead fish in a wine barrel with a double barrel shot-gun at point-blank range.
=> [1] https://blog.skullsecurity.org/2015/how-i-nearly-almost-saved-the-internet-starring-afl-fuzz-and-dnsmasq | [2] https://news.ycombinator.com/item?id=9897159 | [3] https://en.wikipedia.org/wiki/Fuzz_testing | [4] https://blogdata.skullsecurity.org/fuzz_dnsmasq.tar.bz2 | [5] https://github.com/spc476/SPCDNS | [6] http://lcamtuf.coredump.cx/afl/ | [7] /boston/2012/01/30.2
=> Gemini Mention this post | Contact the author This content has been proxied by September (3851b).Proxy Information
text/gemini