Software Testing Basics (Fuzz Testing)
Hey guys, sorry for not being able to post for so long, but today we will be talking about a software testing technique called "Fuzz testing". Before we get to fuzz testing, we will define what a "buffer overflow" is. In computer security and programming, a buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory locations. In simple words, suppose a variable can hold 10 spaces but you pass in 11 spaces: it will overflow the stack frame and result in memory leaks.
When we define a parameter, it is pushed onto the top of the stack as shown above, but if the value of the parameter is larger than its container, it leads to a buffer overflow and the memory starts leaking. That might lead you to the saved registers/parameters, and if you are able to place an exec() shell at the return address with root or admin privileges, you'll be able to do some major damage to the computer. With that out of the way, let's proceed to what fuzz testing is.
What is Fuzz Testing?
Fuzz Testing is a type of testing where automated or semi-automated techniques are used to discover coding errors and security loopholes in software, operating systems, or networks by feeding invalid or random data, called FUZZ, to the system. The system is then monitored for various exceptions, such as a crash, failing built-in code, etc.
Why to do Fuzz Testing?
- Usually, fuzz testing finds the most serious security faults or defects.
- Fuzz testing gives more effective results when used together with black box testing, beta testing, and other debugging methods.
- Fuzz testing is used to check the vulnerability of software. It is a very cost-effective testing technique.
- Fuzz testing is one of the black box testing techniques. Fuzzing is one of the most common methods hackers use to find vulnerabilities in a system.
Fuzz Testing Strategy
The steps for fuzz testing follow the basic testing steps:
Step 1) Identify the target system
Step 2) Identify inputs
Step 3) Generate Fuzzed data
Step 4) Execute the test using fuzz data
Step 5) Monitor system behavior
Step 6) Log defects
Testing strategy for fuzz testing
- Mutation-based fuzzers alter existing data samples to create new test data. This is a very simple and straightforward approach: it starts with valid samples of the protocol or file and keeps mangling every byte.
- Generation-based fuzzers define new data based on a model of the input. They start generating input from scratch based on the specification.
- Protocol-based fuzzers, the most successful kind, have detailed knowledge of the protocol format being tested. That understanding depends on the specification. It involves writing an array of the specification into the tool, then using model-based test generation to go through the specification and add irregularities in the data contents, sequence, etc. This is also known as syntax testing, grammar testing, robustness testing, etc. Fuzzers can generate test cases from existing ones, or they can use valid or invalid inputs.
Types of bugs detected by Fuzz Testing
- Assertion failures and memory leaks: This methodology is widely used for large applications where bugs affect memory safety, which is a severe class of vulnerability.
- Invalid input: In fuzz testing, fuzzers are used to generate invalid input for testing error-handling routines, which is important for software that does not control its input. Simple fuzzing can be seen as a way to automate negative testing.
- Correctness bugs: Fuzzing can also be used to detect some types of "correctness" bugs, such as a corrupted database, poor search results, etc.
Now let's have some tutorial that you can actually do yourself.
1) Run a web server on the local machine
2) Issue malformed requests (ending with "$$$$$")
3) Many automated tools exist for this (called fuzzers)
4) If the web server crashes, search the core dump for "$$$$$" to find the overflow location
Once you find the overflow location, you can use the "exec()" command to inject a malicious shell and exploit the system according to your needs, maybe even planting a back door.
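The mutation-based strategy and the tutorial above, written out as a small in-process harness (an added example, not code from the original post): a valid HTTP request is mangled byte by byte, fed to a constructed parser with deliberate defects, and every unexpected exception is logged with the line it came from, the same way the tutorial searches the core dump for its "$$$$$" marker. The parser, the sample request and the crash-classification scheme are all assumptions of this example.

```python
import random, traceback
MARKER = b"$$$$$"  # the marker the tutorial above puts in its malformed requests
class BadRequest(Exception): pass  # graceful rejection: the parser noticed bad input

# Constructed target with deliberate defects; not code from any real server.
def parse_request(data: bytes) -> dict:
    head, sep, _body = data.partition(b"\r\n\r\n")
    if not sep:
        raise BadRequest("missing end of headers")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    method, path, version = parts[0], parts[1], parts[2]  # defect: no length check -> IndexError
    headers = dict(line.split(b": ", 1) for line in lines[1:])  # defect: no ": " check -> ValueError
    return {"method": method, "path": path, "version": version, "headers": headers}

def mutate(sample: bytes, rng: random.Random) -> bytes:
    data = bytearray(sample)
    for _ in range(rng.randint(1, 3)):  # mangle the valid sample with 1-3 operations
        op = rng.randrange(3)
        if op == 0 and data:  # flip one bit
            data[rng.randrange(len(data))] ^= 1 << rng.randrange(8)
        elif op == 1 and len(data) > 1:  # delete a random slice
            i = rng.randrange(len(data))
            del data[i:rng.randrange(i, len(data)) + 1]
        else:  # insert the marker at a random position
            i = rng.randrange(len(data) + 1)
            data[i:i] = MARKER
    return bytes(data)

def run_one(target, data: bytes):
    """None if accepted or gracefully rejected; else (exception name, crashing line)."""
    try:
        target(data)
    except BadRequest:
        pass  # a clean rejection is correct behaviour, not a defect
    except Exception as exc:
        last = traceback.extract_tb(exc.__traceback__)[-1]  # innermost frame = defect location
        return (type(exc).__name__, last.lineno)

def fuzz(target, sample: bytes, iterations: int, seed: int = 0) -> dict:
    """Log each distinct crash once, keeping the shortest input that triggered it."""
    rng = random.Random(seed)
    crashes = {}
    for _ in range(iterations):
        data = mutate(sample, rng)
        crash = run_one(target, data)
        if crash and (crash not in crashes or len(data) < len(crashes[crash])):
            crashes[crash] = data
    return crashes
SAMPLE = b"GET /index.html HTTP/1.1\r\nHost: localhost\r\nContent-Length: 0\r\n\r\n"
```

Calling `fuzz(parse_request, SAMPLE, 3000)` returns both defect sites keyed by exception type and line number, each with the shortest mangled request that reached it; a clean `BadRequest` never appears in the log, which is the difference between validated input and a crash.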
Thank You!
keep it up dude. you are doing a great job.
Thank you very much