8. Environment Variable and Argument Fuzzing: Automation
“Those weapons of mass destruction have got to be somewhere!”
—George W. Bush, Washington, DC, March 24, 2004
This chapter introduces iFUZZ, a program that implements fuzzing for local applications. The main targets here are command-line arguments and environment variables in setuid
UNIX programs, which were discussed in Chapter 7, “Environment Variable and Argument Fuzzing.” In this chapter, we discuss the features of iFUZZ, explain the design decisions, and discuss how iFUZZ was used to uncover numerous local vulnerabilities in IBM AIX 5.3.
Features of iFUZZ Local Fuzzer
iFUZZ contains several features you might have envisioned for a local fuzzer. Among these features ...
Get Fuzzing: Brute Force Vulnerability Discovery now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.