
Starter's Guide: Writing a Fuzzer

Mario edited this page Jan 8, 2020 · 4 revisions

How do I start writing a fuzzer?

The first step is to create a class that inherits from IFuzzer and implements its methods. For this example we will write the simplest possible fuzzer: one request made of a static element followed by a fuzzable string. The class needs a name property and two static methods: define_nodes, which defines the requests of the fuzzer, and get_requests, which returns the callables that connect those requests (and the "paths" between them) to the session:

from typing import Callable, List

from fuzzowski import *
from fuzzowski.fuzzers import IFuzzer


class ExampleFuzzer(IFuzzer):
    name = 'example_fuzzer'  # This is how the fuzzer is selected in the
                             # Fuzzowski arguments, with the -f option

    @staticmethod
    def get_requests() -> List[Callable]:
        """Get possible requests: returns a list of all the
           callables which connect the paths to the session
        """
        return [ExampleFuzzer.example_request]

    @staticmethod
    def define_nodes(*args, **kwargs) -> None:
        """This method defines all the possible requests.
        It is called when the fuzzer is loaded.
        """
        s_initialize('example_request')
        s_static(b"Hello ")                       # sent verbatim, never mutated
        s_string(b"World", name='first_string')   # fuzzable, defaults to "World"

    # ================================================================#
    # Callable methods to connect our requests to the session         #
    # ================================================================#

    @staticmethod
    def example_request(session: Session) -> None:
        # Connect the request to the session root, so it is the first
        # (and only) message sent; -r example_request selects this path
        session.connect(s_get('example_request'))

In this case, we are creating a fuzzer with a single request ("example_request") that sends the static prefix "Hello " followed by a fuzzable string whose default value is "World"; only the string is mutated, the static part is sent unchanged in every test case. The get_requests method exposes the example_request callable, which connects that request to the session.

Once this fuzzer is created, it can be placed in the fuzzers folder to be loaded automatically, or can be loaded from an external location with the -i parameter, as shown below:

python -m fuzzowski -p tcp localhost 31337 -i examples/example_fuzzer.py -f example_fuzzer -r example_request


For an extremely simple fuzzer such as the one above, an even easier method is the "raw" fuzzer, which lets you define a fuzzer consisting only of static and string primitives directly from the command line: the text outside the double curly braces is sent as a static primitive, and the text inside them becomes the fuzzable string, as shown in the example below:

python -m fuzzowski -p tcp localhost 31337 -f raw -r 'Hello {{World}}'
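To make concrete what the two examples above express (a static prefix that is never touched plus a string primitive that is mutated, one field at a time), here is a small stand-alone illustration written for this page. It is not Fuzzowski's code and does not use its classes: the Static/String dataclasses, the parse_template function that turns a raw-style template like 'Hello {{World}}' into primitives, and the short STRING_MUTATIONS list are all assumptions chosen for illustration (Fuzzowski's own string mutation library is far larger). It also generalizes the raw example to templates with more than one fuzzable field.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterator, List, Optional, Union


@dataclass(frozen=True)
class Static:
    """Bytes sent verbatim in every test case, never mutated (like s_static)."""
    value: bytes


@dataclass(frozen=True)
class String:
    """A fuzzable string with a default value (like s_string)."""
    value: bytes
    name: str


Primitive = Union[Static, String]

# Illustrative mutation library (assumption: a real fuzzer ships many more).
STRING_MUTATIONS: List[bytes] = [
    b"",                        # empty field
    b"A" * 256,                 # moderate length probe
    b"A" * 4096,                # larger length probe
    b"%s%s%s%s%n",              # format-string probe
    b"\x00",                    # embedded NUL terminator
    b"../../../../etc/passwd",  # path traversal
    b"'; --",                   # quote / comment injection
    b"\xff\xfe\xfd",            # invalid UTF-8
]

# {{...}} delimits a fuzzable string, mirroring the raw fuzzer's syntax.
_TEMPLATE_RE = re.compile(r"\{\{(.*?)\}\}", re.DOTALL)


def parse_template(template: str) -> List[Primitive]:
    """Split a raw-style template into Static and String primitives.

    Text inside {{ }} becomes a String (named string_0, string_1, ...);
    everything else becomes a Static.
    """
    primitives: List[Primitive] = []
    pos = 0
    count = 0
    for match in _TEMPLATE_RE.finditer(template):
        if match.start() > pos:
            primitives.append(Static(template[pos:match.start()].encode()))
        primitives.append(String(match.group(1).encode(), name=f"string_{count}"))
        count += 1
        pos = match.end()
    if pos < len(template):
        primitives.append(Static(template[pos:].encode()))
    return primitives


def render(primitives: List[Primitive],
           overrides: Optional[Dict[int, bytes]] = None) -> bytes:
    """Concatenate primitives, substituting mutated values by index."""
    overrides = overrides or {}
    return b"".join(overrides.get(i, p.value) for i, p in enumerate(primitives))


def generate_cases(primitives: List[Primitive]) -> Iterator[bytes]:
    """Yield the unmutated message first, then every mutation of each
    String primitive with all other fields left at their defaults.
    Static primitives are never mutated.
    """
    yield render(primitives)
    for idx, prim in enumerate(primitives):
        if isinstance(prim, String):
            for mutation in STRING_MUTATIONS:
                yield render(primitives, {idx: mutation})


def count_cases(template: str) -> int:
    """Total test cases: 1 baseline + mutations per fuzzable field."""
    fuzzable = sum(isinstance(p, String) for p in parse_template(template))
    return 1 + fuzzable * len(STRING_MUTATIONS)


if __name__ == "__main__":
    # Constructed sample templates: the page's raw example and an HTTP-like
    # request line with two fuzzable fields (method and path).
    for template in ("Hello {{World}}", "{{GET}} {{/}} HTTP/1.1\r\n\r\n"):
        prims = parse_template(template)
        print(template.encode(), "->", prims)
        for case in list(generate_cases(prims))[:4]:
            print("  ", case[:40])
        print("   total cases:", count_cases(template))
```

Each generated message keeps the static bytes intact and changes exactly one fuzzable field, which is why the page's example only ever needs the request to be connected once: the session walks the mutations of 'first_string' while "Hello " stays fixed.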


As another example of a very simple fuzzer, the original page embeds an asciicast recording of a fuzzer that fuzzes the HTTP method and the path of an HTTP request.
