Boofuzz – Network Protocol Fuzzing

Boofuzz is a fork of and the successor to the Sulley fuzzing framework. Besides numerous bug fixes, boofuzz aims for extensibility, with the eventual goal of being able to fuzz literally anything. Sulley has been the preeminent open source fuzzer for some time, but has fallen out of maintenance.

Features

Like Sulley, boofuzz incorporates all the critical elements of a fuzzer:

  • Easy and quick data generation.
  • Instrumentation – AKA failure detection.
  • Target reset after failure.
  • Recording of test data.
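The four elements above, shown as one loop in plain Python. This is an added example, not boofuzz code or code from the boofuzz project; `ToyTarget`, `generate_cases` and `fuzz` are hypothetical names, and the target is a constructed in-process parser with a seeded length bug standing in for a real service.

```python
import csv
import io

class ToyTarget:
    """Constructed stand-in for a service that parses <1-byte length><payload>."""
    def __init__(self):
        self.crashed = False

    def handle(self, msg):
        if self.crashed:
            raise ConnectionError("target is down")
        self.crashed = True                 # stays set unless parsing completes
        declared = msg[0]
        buf = bytearray(16)
        for i in range(declared):           # seeded bug: trusts the declared length
            buf[i] = msg[1 + i]
        self.crashed = False
        return bytes(buf[:declared])

def generate_cases(valid=b"\x05hello"):
    """Data generation: push one field at a time to its boundary values."""
    payload = valid[1:]
    for length in (0, 1, len(payload), 16, 17, 255):
        yield "length=%d" % length, bytes([length]) + payload
    for size in (0, 16, 17, 64):
        yield "payload=%d" % size, bytes([size]) + b"A" * size

def fuzz(make_target=ToyTarget):
    """Run every case; return (CSV text of all results, number of resets)."""
    target, resets, out = make_target(), 0, io.StringIO()
    log = csv.writer(out)
    log.writerow(["case", "name", "sent_hex", "result"])
    for n, (name, msg) in enumerate(generate_cases(), 1):
        try:
            target.handle(msg)
            result = "pass"
        except Exception as exc:            # instrumentation: any fault is a failure
            result = "fail:" + type(exc).__name__
            target, resets = make_target(), resets + 1   # reset before the next case
        log.writerow([n, name, msg.hex(), result])       # record passes and failures
    return out.getvalue(), resets

if __name__ == "__main__":
    report, resets = fuzz()
    print(report, "resets:", resets)
```

Without the reset step, every case after the first failure would report `ConnectionError` and hide the remaining findings.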

Unlike Sulley, boofuzz also features:

  • Online documentation.
  • Support for arbitrary communications mediums.
  • Built-in support for serial fuzzing, ethernet- and IP-layer, UDP broadcast.
  • Better recording of test data — consistent, thorough, clear.
  • Test result CSV export.
  • Extensible instrumentation/failure detection.
  • Much easier install experience!
  • Far fewer bugs.

 

Prerequisites

Boofuzz requires Python. Recommended installation requires pip.

Ubuntu: sudo apt-get install python-pip

Make sure to get Python 2.x instead of 3.x (pip is included).

 

Install

pip install boofuzz

 

From Source

  1. Download source code: https://github.com/jtpereyda/boofuzz
  2. Install. Run pip from within the boofuzz directory:
    • Ubuntu: sudo pip install .
    • Windows: pip install .

Tips:

  • Use the -e option for developer mode, which allows changes to be seen automatically without reinstalling:
    `sudo pip install -e .`
  • To install developer tools (unit test dependencies, test runners, etc.) as well:
    `sudo pip install -e .[dev]`
  • If you’re behind a proxy:
    `set HTTPS_PROXY=http://your.proxy.com:port`
    • On Linux, also use sudo’s -E option:
      sudo -E pip install -e .

 

Network Protocol Fuzzing: boofuzz Documentation

Network Protocol Fuzzing: boofuzz Download
