SecurityTubeBeta
Watch ... Learn ... Contribute
securitytube home
securitytube videos
securitytube questions
securitytube news
securitytube tools
divider
upload video on SecurityTube
 
 
Video Categories:
Security Basics
Programming
Security Tools
Fun

Sfuzz Fuzzer Demo
 
 

Sfuzz is a simple fuzzer which can be used for quick and dirty fuzzing experiments, where ones does not need a very advanced functionality or flexibility, like in the SPIKE fuzzer. Though, Sfuzz is in no way a replacement for SPIKE, once can very quickly hack together simple fuzzing tests using it. In this video, we will look at a demo of how to get started with Sfuzz. We will do 2 demonstrations - the first we will use one of the sample configuration scripts which come with Sfuzz for HTTP fuzzing, the second will be a demo of how one can find a remote buffer overflow using a fuzzing attack.

Architecturally, fuzzers generally consist of 2 different parts - the "fuzzed" payload generator and the payload transporter (over a network or to stdout). Sfuzz's payload generator is very simple with low configurability  and the payload transporter allows for delivery over TCP/UDP/Stdout. Overall, its a nifty little tool and definitely recommended for newbies to the world of fuzzing and for doing simple fuzzing tasks.

You can download the tool here and visit the author Aaron Conole's website here.

 

 
Related Videos from: Fuzzing Attacks for Security and Hacking
divider
You are Viewing this Video Now!
3753 views

Author
Vivek-Ramachandran

Vivek Ramachandran is a security evangelist and has been working in computer security related fields for the past 7 years. In 2007, Vivek spoke at world renowned conferences Defcon (WEP Cloaking Exposed) and Toorcon (The Caffe Latte Attack). The discovery of the Caffe Latte Attack was covered by CBS5 news, BBC online, Network World etc news agencies.In 2006, Vivek was announced as one of winners of the Microsoft Security Shootout contest held in India among 65,000 participants. He has also been a recipient of a Team Achievement at Cisco Systems for his work on 802.1x and Port Security modules on the Catalyst 6500 switches. Currently he spends all of his time maintaining Security- Freak.Net , SecurityTube.Net and is the co-founder of Axonize. Vivek, is a Bachelor in Electronics and Communications Engineering from the prestigious Indian Institute of Technology, Guwahati.You can contact him at vivek[at]securitytube.net

 
©2007 Freak Labs