O'Reilly logo

Fuzzing: Brute Force Vulnerability Discovery by Pedram Amini, Adam Greene, Michael Sutton

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 8. Environment Variable and Argument Fuzzing: Automation

 

“Those weapons of mass destruction have got to be somewhere!”

 
 --George W. Bush, Washington, DC, March 24, 2004

This chapter introduces iFUZZ, a program that implements fuzzing for local applications. The main targets here are command-line arguments and environment variables in setuid UNIX programs, which were discussed in Chapter 7, “Environment Variable and Argument Fuzzing.” In this chapter, we discuss the features of iFUZZ, explain the design decisions, and discuss how iFUZZ was used to uncover numerous local vulnerabilities in IBM AIX 5.3.

Features of iFUZZ Local Fuzzer

iFUZZ contains several features you might have envisioned for a local fuzzer. Among these features is an engine ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required