Fuzzing tool: Mutate integer within predefined range?

272 views Asked by At

I am newbie to fuzzing tools, and basically, I would like to use fuzzing tool to test a specific function.

Essentially, this function has three input parameter, and each parameter is a number, with range 0 to 0xffff.

I would like to use a fuzzing tool to generate random input combinations, and test the target function. However, I tried zzuf, but find that it does not have a specific setting on mutating integer value..

So I am looking for a fuzzer, that supports to only mutate integer value, within a predefined range? Could anyone give me some help on this issue? Am I clear enough? Thank you.

1

There are 1 answers

0
MByD On BEST ANSWER

This can be done with many tools, among them Kitty (developed by my team).

Assuming you want to generate the number with decimal representation, the following template will generate them for you (values will be comma-separated):

from kitty.model import *
t = Template(name='function inputs', fields=[
    S32(name='p1', value=1, min_value=-500, max_value=1000, encoder=ENC_INT_DEC),
    Static(','),
    ForEach(name='p2', mutated_field='p1',
            fields=S32(value=2, min_value=-3200, max_value=5098, encoder=ENC_INT_DEC)),
    Static(','),
    ForEach(name='p3', mutated_field='p2',
            fields=S32(value=3, min_value=0, max_value=999, encoder=ENC_INT_DEC))
])

while t.mutate():
    print t.render().tobytes()

Some example results:

-1,2,3
129,1026,3
129,130,3
129,18,3
129,-3200,3
129,5098,3
129,-3199,3
129,5097,3
129,-3198,3
129,5096,3
129,3,3
129,1,3
129,4,3
129,0,3
17,1026,3
17,130,3
17,18,3
17,-3200,3
17,5098,3
17,-3199,3