...

You have to add an iptables rule to prevent outgoing RST packets from
the OS's networking stack, which knows nothing about our test connection.
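
One way to scope such a rule to a single test target, so that resets for all other traffic keep working, is sketched below as an added example (it is not the rule from the original page). The function names and the install/remove interface are assumptions; run it as root, for instance with `install 192.168.2.135 80` for the target used further down this page.

```shell
#!/bin/sh
# Added example: drop only the kernel's outgoing RSTs towards one test target.
# Function names and the install/remove interface are illustrative assumptions.

# Print the iptables chain, match and target arguments for one IP and TCP port.
rst_rule_spec() {
    echo "OUTPUT -p tcp -d $1 --dport $2 --tcp-flags RST RST -j DROP"
}

# Accept only a dotted-quad IPv4 address and a port in 1..65535, so nothing
# unexpected ends up on the iptables command line.
valid_target() {
    ip=$1
    port=$2
    case $ip in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    case $port in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# Add the rule unless it is already present (-C checks for an existing rule),
# so repeated test runs do not stack duplicates.
install_rule() {
    valid_target "$1" "$2" || { echo "invalid target: $1:$2" >&2; return 2; }
    spec=$(rst_rule_spec "$1" "$2")
    # $spec is intentionally unquoted: it is split into separate arguments.
    iptables -C $spec 2>/dev/null || iptables -A $spec
}

# Delete the rule again once the test is finished.
remove_rule() {
    valid_target "$1" "$2" || { echo "invalid target: $1:$2" >&2; return 2; }
    spec=$(rst_rule_spec "$1" "$2")
    iptables -D $spec
}

# Command-line entry point: "install <ip> <port>" or "remove <ip> <port>".
case ${1:-} in
    install) install_rule "$2" "$3" ;;
    remove)  remove_rule "$2" "$3" ;;
esac
```

Remove the rule after testing; while it is in place the host cannot reset its own genuine connections to that address and port.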

...

When sending a 3-way handshake only, the target should time out
and reset the connection.

...

By simulating packet loss, one can test the re-transmission behavior of the
target stack.

To start packet loss:

...

For fuzz testing network applications the excellent SPIKE tool can be used.
To make it compile under Ubuntu 14.04 LTS you have to add
-fno-stack-protector to CFLAGS in src/Makefile.in.

SPIKE complained about missing SSL libs. I simply linked the
existing libraries to the needed filenames:

...

Those lib versions may not be the ones SPIKE expects, but if you don't
use SSL it works fine.

SPIKE provides a proxy server to record requests to your web
application. Based on these requests, an application-specific fuzz test
can be generated.

Code Block
~/SPIKE/src$ mkdir requests && cd requests
# Record requests to the target at 192.168.2.135 on port 80
~/SPIKE/src/requests$ ../webmitm -t 192.168.2.135 -p 80

Now use your web application through localhost to record some
requests. Then you can generate your application-specific fuzz test
from the recorded requests.

...