Introduction to fuzzing
Any time that an application allows for input, be it directly from the user such as when entering credentials, opening a file, or even from changing the data in RAM, there is a chance that the input can be used to cause havoc. Attackers will not spend hours, or days typing away (well, some might!) at a username and password prompt or an unknown connection to an obscure port. Instead, they will take advantage of tools that are focused on exactly this taskâwelcome to the world of fuzzers.
A fuzzer will typically be used to generate and output data; this data could be manipulated and formatted in various ways and there are published algorithms that assist in making the job even easier.
Note
Keep in mind that input is a very broad term. When thinking about input vectors be sure to consider every method of input available to the application being tested. Something as seemingly trivial as streaming a song or even reading a filename could provide possible attack vectors.
Whenever...