source: zzuf/trunk/README @ 1513 Tweet

$Id: README 1513 2006-12-23 18:37:52Z sam $

1. About Zzuf

Zzuf is a transparent application input fuzzer. It works by intercepting
file operations and changing random bits in the program's input. Zzuf's
behaviour is deterministic, making it easy to reproduce bugs.


2. Example

Fuzz the input of the "cat" program using default settings:

  # zzuf cat /etc/motd

Fuzz 1% of the input bits of the "cat" program using seed 94324:

  # zzuf -s 94324 -r 0.01 cat /etc/motd

Fuzz the input of the "convert" program, using file foo.jpeg as the original
input and restricting fuzzing to filenames matching the regular expression
"foo[.]jpeg" (because convert will also open its own configuration files and
we do not want zzuf to fuzz them):

  # zzuf -i 'foo[.]jpeg' convert -- foo.jpeg -format tga /dev/null

Fuzz the input of VLC, using file movie.avi as the original input, and
generate fuzzy-movie.avi which is a file that can be fed to VLC to reproduce
the behaviour without using zzuf:

  # zzuf -s 87423 -r 0.01 vlc movie.avi

  # zzuf -s 87423 -r 0.01 cp movie.avi fuzzy-movie.avi
  # vlc fuzzy-movie.avi

Fuzz mplayer's input with seeds 0 to 9999, launching up to 3 simultaneous
child processes and killing mplayer if it takes more than one minute to read
the file:

  # zzuf -q -s 0:10000 -F 3 -T 60 -r 0.02 -i movie.avi \
         mplayer movie.avi -- -benchmark -vo null -fps 1000