QueFuzz - libnetfilterqueue based network fuzzer released

QueFuzz is a small fuzzer that uses libnetfilter_queue to take in packets from iptables. Its fuzzing engine either randomly fuzzes binary or ASCII protocols or uses a basic fuzzing template to search and replace packet data. QueFuzz has a very short learning curve, unlike many other fuzzing frameworks. It may not be as powerful, but you can have it up and running in under a minute.

Unlike other fuzzers, QueFuzz is not focused on data generation. It relies on a valid application to generate the data and instead just mutates the network traffic inline and passes it on.

Below is an example:

1. Set up an iptables rule that queues all outgoing packets with a TCP destination port of 21.

iptables -A OUTPUT -p tcp --dport 21 -j QUEUE

2. Start QueFuzz with an FTP template (ftp.fuz) that looks like this:

replace USER USERRRRRRRRRRRRRRRRRRRRRRR
replace PASS PAS%nSSSSS%nSSSSS

$ ./quefuzz -t ftp.fuz

3. Open your FTP client and connect to your server as normal. QueFuzz takes care of the packet mutation inline; all you have to do is monitor your server with a debugger for any potential crashes.
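As an added example (not QueFuzz's own code, which does not appear on this page), the following Python stand-in implements the two mutation strategies the post describes, template search-and-replace and random byte mutation, and runs the FTP login exchange from the steps above through both. It works on the application payload only: the libnetfilter_queue plumbing, the IP/TCP checksum recomputation and the TCP length bookkeeping that a replacement such as USER to USERRRR... implies in a live stream are outside its scope. The template text, the sample payloads and the InlineMutator class are constructed for this example.

```python
"""Illustrative inline mutation engine (added example, not QueFuzz source).
Implements the two modes the post describes: template search-and-replace
and random byte mutation that distinguishes ASCII from binary protocols."""
import random

# Constructed template, in the two-column "replace" form the post shows.
FTP_TEMPLATE = """\
replace USER USERRRRRRRRRRRRRRRRRRRRRRR
replace PASS PAS%nSSSSS%nSSSSS
"""


def parse_template(text):
    """Turn 'replace <needle> <replacement>' lines into a list of byte pairs."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):  # tolerate blank lines and comments
            continue
        parts = line.split(None, 2)
        if len(parts) != 3 or parts[0] != "replace":
            raise ValueError(f"template line {lineno}: expected 'replace <needle> <replacement>'")
        rules.append((parts[1].encode(), parts[2].encode()))
    return rules


def apply_template(payload, rules):
    """Template mode: substitute every rule's needle with its replacement."""
    for needle, replacement in rules:
        payload = payload.replace(needle, replacement)
    return payload


def looks_like_ascii_protocol(payload):
    """Heuristic: a text protocol if every byte is printable ASCII or TAB/CR/LF."""
    return all(0x20 <= b < 0x7F or b in (0x09, 0x0A, 0x0D) for b in payload)


def random_mutate(payload, rng, ratio=0.1):
    """Random mode: overwrite a fraction of the bytes (at least one).
    ASCII protocols only receive printable substitutes, so the line structure
    the server parses survives; binary protocols may receive any byte value."""
    data = bytearray(payload)
    if not data:
        return bytes(data)
    count = max(1, int(len(data) * ratio))
    pool = range(0x21, 0x7F) if looks_like_ascii_protocol(payload) else range(256)
    for index in rng.sample(range(len(data)), count):
        original = data[index]
        # choose a value guaranteed to differ from the byte it replaces
        data[index] = rng.choice([b for b in pool if b != original])
    return bytes(data)


class InlineMutator:
    """Mutates payloads in order and keeps (seq, original, mutated) records so a
    crash seen in the server's debugger can be tied back to the exact bytes sent."""

    def __init__(self, rules=None, seed=0, ratio=0.1):
        self.rules = rules or []
        self.rng = random.Random(seed)  # seeded so a run is reproducible
        self.ratio = ratio
        self.log = []

    def process(self, payload):
        if self.rules:
            mutated = apply_template(payload, self.rules)
        else:
            mutated = random_mutate(payload, self.rng, self.ratio)
        self.log.append((len(self.log) + 1, payload, mutated))
        return mutated


def demo():
    """Run the constructed FTP login exchange through both modes."""
    session = [b"USER anonymous\r\n", b"PASS guest\r\n"]
    templated = InlineMutator(parse_template(FTP_TEMPLATE))
    template_out = [templated.process(p) for p in session]
    randomised = InlineMutator(seed=1234)
    random_out = [randomised.process(p) for p in session]
    return template_out, random_out


if __name__ == "__main__":
    for mode, outputs in zip(("template", "random"), demo()):
        for packet in outputs:
            print(mode, packet)
```

The log kept by InlineMutator is the part worth copying into any real setup: when the debugger on the server stops, the sequence number and mutated bytes of the last packet are what turn a one-off crash into a reproducible test case.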

QueFuzz was created by Chris Rohlf.

QueFuzz Project page:
http://code.google.com/p/quefuzz/
