Wednesday, September 19, 2007

QueFuzz

**Update: New version is out (v06), supports a fuzzing template file - source is here

Its a very basic C program that utilizes the libnetfilter_queue library to turn any networked application into a fuzzer. It basically works like this:

- You set a specific iptables QUEUE rule like so:
$iptables -A OUTPUT -p tcp --dport 110 -j QUEUE
- Start it like so:
'$./quefuzz -a -v -c USER'
or
'$./quefuzz -b -v -f 3'
- Open your POP3 client and connect to the POP server you want to fuzz
- QueFuzz picks up your packets using libnetfilter_queue, fuzzes them and sends them on the wire

This works with any protocol/port. If netfilter/iptables can queue it, QueFuzz can fuzz it.

QueFuzz has no protocol awareness, it expects to receive a proper packet. It has minimal command line flags such as whether or not the protocol you want to fuzz is binary or ascii, or both. If the protocol is TCP or UDP, QueFuzz will skip those headers appropriately and start fuzzing the packet data. If the protocol is not TCP or UDP then it starts fuzzing immediately after the IP header.

A lot of work is needed on the tool. It was never meant to be protocol aware or intelligent, but it could certainly be cleaner. It is BETA code at best, so use at your own risk. I can guarantee its full of bugs (probably some bad ones) - so be careful! I literally whipped it up in a couple of hours. Ill be refining it over the next few weeks and releasing updates. Feel free to send me patches and suggestions by email.

QueFuzz is released under the GPLv2 as is libnetfilter_queue. Some checksum routines are released under BSD-3 license from various sources.

You can download the beta code here Enjoy

3 comments:

Anonymous said...

The download link doesn't seem to be working. I get a message saying "This site has been temporarily disabled. If you are the owner of the site, please contact customer care."

Any chance you could post the code elsewhere? I'm doing some testing, and FITS would be very helpful.

Thanks!

Chris Rohlf said...

link to code

Peter Teoh said...

https://code.google.com/p/quefuzz/