Fuzzes network servers/services by intercepting valid network communication data, then replay it with some fuzzing.
FFW can fuzz open source applications and supports feedback driven fuzzing by instrumenting honggfuzz, for both open- and closed source apps.
In comparison with the alternatives, FFW is the most advanced, feature-complete and tested network fuzzer.
Presented at security conference Area 41 2018.
Easiest way to start is to use the docker image:
By doing so:
docker run -ti --privileged -lxc-conf="aa_profile=unconfined" dobin/ffw:0.1
Examples are located in
git clone https://github.com/dobin/ffw.git cd ffw/
Note: Manually installed dependencies are expected to live in
ffw/ directory (e.g. honggfuzz, radamsa).
If its a fresh Ubuntu, install relevant packages for FFW:
apt-get install python python-pip gdb
apt-get install clang binutils-dev libunwind8-dev
And python dependencies:
pip install -r requirements.txt
$ git clone https://github.com/aoh/radamsa.git $ cd radamsa $ make
Default Radamsa directory specified in ffw is
Steps involved in setting up a fuzzing project:
For a step-by-step guide:
python -m unittest discover
Test a single module:
python -m unittest test.test_interceptor
Available via https://github.com/denandz/fuzzotron. "Fuzzotron is a simple network fuzzer supporting TCP, UDP and multithreading."
Support network fuzzing, also uses Radamsa. Can use coverage data, but it is experimental.
Available via https://github.com/Cisco-Talos/mutiny-fuzzer. "The Mutiny Fuzzing Framework is a network fuzzer that operates by replaying PCAPs through a mutational fuzzer."