Skip to content

warsang/ffw

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

186 Commits

clientfuzzer

clientfuzzer

 
 

docs

docs

 
 

fuzzer

fuzzer

 
 

honggmode

honggmode

 
 

network

network

 
 

template

template

 
 

test_client

test_client

 
 

uploader

uploader

 
 

verifier

verifier

 
 

vulnserver

vulnserver

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

defaultconfig.py

defaultconfig.py

 
 

framework.py

framework.py

 
 

gui.py

gui.py

 
 

printpickle.py

printpickle.py

 
 

requirements.txt

requirements.txt

 
 

serverutils.py

serverutils.py

 
 

todo.txt

todo.txt

 
 

utils.py

utils.py

 
 

Repository files navigation

FFW - Fuzzing For Worms

Fuzzes network servers/services by intercepting valid network communication data, then replay it with some fuzzing.

FFW can fuzz open source applications, and also closed source applications. It also supports feedback driven fuzzing by instrumenting honggfuzz, for both open- and closed source apps.

In comparison with the alternatives, FFW is the most advanced, feature-complete and tested network fuzzer.

Features:

  • Fuzzes all kind of network protocol (HTTP, MQTT, SMTP, you name it)
  • No modification of the fuzzing target needed (at all)
  • Can fuzz open- and closed-source projects
  • Has feedback-driven fuzzing (with compiler support, or hardware based)
  • Can fuzz network clients too (wip)
  • Fast fuzzing setup (no source code changes or protocol reversing needed!)
  • Reasonable fuzzing performance

Installation

Get FFW

git clone https://github.com/dobin/ffw.git
cd ffw/

Install FFW dependencies

pip install -r requirements.txt

Install Radamsa fuzzer

$ git clone https://github.com/aoh/radamsa.git
$ cd radamsa
$ make

Default Radamsa directory specified in ffw is ffw/radamsa.

Setup a project

Steps involved in setting up a fuzzing project:

  • Create directory structure for that fuzzing project by copying template folder
  • Copy target binary to bin/
  • Specify all necessary information in the config file fuzzing.py
  • Start interceptor-mode to record traffic
  • Start test-mode to verify recorded traffic (optional)
  • Start fuzz-mode to fuzz
  • Start verify-mode to verify crashed from the fuzz mode (optional)
  • Start upload-mode to upload verified crashes to the web (optional)

For a step-by-step guide:

Alternatives

Fuzzotron

Available via https://github.com/denandz/fuzzotron. "Fuzzotron is a simple network fuzzer supporting TCP, UDP and multithreading."

Support network fuzzing, also uses Radamsa. Can use coverage data, but it is experimental.

Con's:

  • Does not restart target server
  • Unreliable crash detection
  • Experimental code coverage

Mutiny

Available via https://github.com/Cisco-Talos/mutiny-fuzzer. "The Mutiny Fuzzing Framework is a network fuzzer that operates by replaying PCAPs through a mutational fuzzer."

Con's:

  • No code coverage
  • Only one commit (no development?)
  • Rudimentary crash detection

FAQ

Can i fuzz windows binaries?

No.

Can i fuzz closed source binaries?

Yes.

About

A fuzzing framework for network servers

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 95.0%
  • C 4.5%
  • Makefile 0.5%