Re: [Full-disclosure] List of Fuzzers

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear list,

Which fuzzer on this list will help me find the most security
exploits?

Thanks,
- -bm

On Fri, 06 Mar 2009 18:37:01 -0500 Jeremy Brown
<0xjbrown41@xxxxxxxxx> wrote:
Don't act like you've gave any constructive advice to anyone in
your life.

Thanks for trolling, please don't come again.

On Fri, Mar 6, 2009 at 6:21 PM, Pete Licoln
<pete.licoln@xxxxxxxxx> wrote:
Ok cool, then keep it up Jeremy.
At least you wont be able to say no one told you.

2009/3/6 Jeremy Brown <0xjbrown41@xxxxxxxxx>

I consider you a loser, Pete/Julio/Loser.

On Fri, Mar 6, 2009 at 3:03 PM, Pete Licoln
<pete.licoln@xxxxxxxxx> wrote:
Well .. what i say is true.
If you cant argue on the subject then shut the hell up.


2009/3/6 Rubén Camarero <rjcamarero@xxxxxxxxx>

Dont satisfy this idiot with a response, thats what he
likes..
Everybody
knows Petie is a troll on every list just use google

On Fri, Mar 6, 2009 at 10:56 AM, Jeremy Brown
<0xjbrown41@xxxxxxxxx>
wrote:

The reason anyone writes a fuzzer is to find bugs. Those
that I have
written are of course for the same purpose as the 101
listed: to find
security bugs. Your ideas are as meaningless and unhelpful
as they
have been in the past. You have no goal but to troll and
try to make
people look like fools, but you are clearly the ignorant
one.

What have you ever written? Let us see some of your code to
poke fun
of. If it is as imperfect as you then we'd have a day of
fun.

What's hilarious is that none of them are usefull :)

http://www.milw0rm.com/author/1531
http://www.milw0rm.com/author/1835

90% of the research above were found by fuzzing, and those
are public.
Clearly my fuzzers are useful.

You should really learn the protocol you want to fuzz, and
develop a
strategy before you create anything else.

Although mistakes are inevitable, and seeming how the stuff
I write
are pretty coherent to the protocol, your statements, once
again, are
unjustifiable. The strategy is simple: gather points of
input, fuzz
them, and watch for exceptions. Obviously.

Every fuzzer you've made use the SAME way to ""fuzz"" for
differents
app/protocol.

Because using a fuzzing oracle is a very good way to
identify security
bugs. Throwing random data will surely find lots of
programming
errors, but I want a shell.

The only change i see is your last fuzzer .. written in a
different
language, but still the same way ...

Yeah, I wrote it in C, and implemented a fuzzing oracle
that way. I
probably put 100 hours into it, and it gave back some nice
return. As
like the others.

So, "what ever your real name is", I will continue to write
fuzzers
and exploits. If you comments are meant to bend my attitude
or
research rather than to troll, you don't have a chance, so
get on with
your life and I will get on with mine. What a conclusion.


On Fri, Mar 6, 2009 at 10:22 AM, Pete Licoln
<pete.licoln@xxxxxxxxx>
wrote:
What's hilarious is that none of them are usefull :)
You should really learn the protocol you want to fuzz,
and develop a
strategy before you create anything else.
Every fuzzer you've made use the SAME way to ""fuzz"" for
differents
app/protocol.

The only change i see is your last fuzzer .. written in a
different
language, but still the same way ...

2009/3/5 Jeremy Brown <0xjbrown41@xxxxxxxxx>

That is hilarious LOL!

On Thu, Mar 5, 2009 at 11:14 PM, Pete Licoln
<pete.licoln@xxxxxxxxx>
wrote:
11 fuzzers matchs for Jeremy Brown on this page LOL !

2009/3/5 Krakow Labs <krakowlabs@xxxxxxxxx>

Krakow Labs maintains a current list of security
driven fuzzing
technologies.

http://www.krakowlabs.com/lof.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-
charter.html
Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-
charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-
charter.html
Hosted and sponsored by Secunia - http://secunia.com/




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-
charter.html
Hosted and sponsored by Secunia - http://secunia.com/



--
Rubén Camarero
CCNA, CISSP

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-
charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-
charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 3.0

wpwEAQMCAAYFAkmxtgcACgkQT2/djsYXr/IXigQAgDdkR+dskgmYHYPQeCcKe3QlT7xf
w0eZDSu0ecbO2vXy0oicANDezPfZDuadwtB6L8Cwoon04gfjVYxTr6GyyvW7hUmAaLt9
7GEL/Hh2/cL5rzSzz9mDNOUFrU0S8VanhMVvwjXKtFWNzAWiwfj26lvb8KVRlwfNGlP3
gVnFnbE=
=Sy3u
-----END PGP SIGNATURE-----

--
Be a Certified Nursing Assistant. Get local training today.
http://tagline.hushmail.com/fc/BLSrjkqoiOCPCoMRK9ZgmTNsCtwOZXGIyrzJkWo3YmH0IyTAFJVy7s9Krni/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Relevant Pages

  • Re: [Full-disclosure] List of Fuzzers
    ... valid to use someone else's fuzzing framework against one's own ... I see "Which fuzzer on this list will help me find the most ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure- ...
    (Full-Disclosure)
  • Re: [Full-disclosure] List of Fuzzers
    ... The reason anyone writes a fuzzer is to find bugs. ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure- ... Hosted and sponsored by Secunia - http://secunia.com/ ...
    (Full-Disclosure)
  • Re: [Full-disclosure] Browser Fuzzer 2
    ... I think this fuzzer is useless, and doesn't have any kind of innovation. ... That is one point I would like to get across: fuzzing doesn't have ... > Full-Disclosure - We believe in it. ... > Charter: http://lists.grok.org.uk/full-disclosure-charter.html ...
    (Full-Disclosure)
  • [Full-disclosure] UNIX man pages based fuzzing
    ... A simple man page based fuzzer ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
    (Full-Disclosure)
  • Re: [Full-disclosure] List of Fuzzers
    ... int authenticate(char* username, char* password) { ... that fuzzing has its limitations (that can be fixed and applied like ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure- ...
    (Full-Disclosure)