Fuzzing: Brute Force Vulnerability Discovery

8. Environment Variable and Argument Fuzzing: Automation

“Those weapons of mass destruction have got to be somewhere!”

—George W. Bush, Washington, DC, March 24, 2004

This chapter introduces iFUZZ, a program that implements fuzzing for local applications. The main targets here are command-line arguments and environment variables in setuid UNIX programs, which were discussed in Chapter 7, “Environment Variable and Argument Fuzzing.” In this chapter, we discuss the features of iFUZZ, explain the design decisions, and discuss how iFUZZ was used to uncover numerous local vulnerabilities in IBM AIX 5.3.

Features of iFUZZ Local Fuzzer

iFUZZ contains several features you might have envisioned for a local fuzzer. Among these features ...

Get Fuzzing: Brute Force Vulnerability Discovery now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Fuzzing: Brute Force Vulnerability Discovery by Michael Sutton, Adam Greene, Pedram Amini

8. Environment Variable and Argument Fuzzing: Automation

Features of iFUZZ Local Fuzzer

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly