- Timestamp: Jan 5, 2007, 1:24:43 AM (14 years ago)
- File: 1 edited
zzuf/trunk/doc/zzuf.1
r1558 r1559 25 25 relevant behaviour on the standard output, eg: 26 26 .PP 27 .RS 28 .nf 29 \fBzzuf cat /dev/zero\fR 30 .fi 31 .RE 32 .PP 33 If you want to specify flags for your application, put a '\fB\-\-\fR' 27 \fB zzuf cat /dev/zero\fR 28 .PP 29 If you want to specify flags for your application, put a \(oq\fB\-\-\fR\(cq 34 30 marker before them on the command line (otherwise \fBzzuf\fR will try to 35 31 interpret them as arguments for itself), eg: 36 32 .PP 37 .RS 38 .nf 39 \fBzzuf \-B 1000 cat \-\- \-v /dev/zero\fR 40 .fi 41 .RE 33 \fB zzuf \-B 1000 cat \-\- \-v /dev/zero\fR 42 34 .SH OPTIONS 43 35 .TP … … 50 42 Only fuzz files whose name is specified in the target application's command 51 43 line. This is mostly a shortcut to avoid specifiying twice the argument: 52 \fBzzuf \-c cat file.txt\fR has the same effect as \fBzzuf \-I 53 \(dq^file\\.txt$\(dq cat file.txt\fR. See the \fB\-I\fR flag for more 54 information. 44 45 \fB zzuf \-c cat file.txt\fR 46 47 has the same effect as 48 49 \fB zzuf \-I \(aq^file\\.txt$\(aq cat file.txt\fR 50 51 See the \fB\-I\fR flag for more information. 55 52 .TP 56 53 \fB\-d\fR, \fB\-\-debug\fR … … 105 102 .TP 106 103 \fB\\\\\fR 107 backslash ( '\\')104 backslash (\(oq\\\(cq) 108 105 .RE 109 106 .IP 110 You can use '\fB-\fR' to specify ranges. For instance, to protect all bytes 111 from '\fB\\x01\fR' to ' ', use '\fB\-P \(dq\\x01- \(dq\fR'. 107 You can use \(oq\fB-\fR\(cq to specify ranges. For instance, to protect all 108 bytes from \(oq\fB\\x01\fR\(cq to \(oq \(cq, use 109 \(oq\fB\-P\ \(aq\\x01-\ \(aq\fR\(cq. 112 110 113 111 The statistical outcome of this option should not be overlooked. Because … … 115 113 fuzz it even if only one byte of data was received, protecting characters 116 114 may change the meaning of the \fB\-r\fR flag depending on the data being 117 fuzzed. 
For instance, asking to fuzz 1% of input bits and to protect118 lowercase characters (using '\fB\-r 0.01 \-P a-z\fR') will result in an119 a ctual average fuzzing ratio of 0.9% with truly random data, 0.3% with120 random ASCII data and 0.2% with a normalEnglish text.115 fuzzed. For instance, asking to fuzz 1% of input bits (\fB\-r\ 0.01\fR) 116 and to protect lowercase characters (\fB\-P\ a-z\fR) will result in 117 an actual average fuzzing ratio of 0.9% with truly random data, 0.3% with 118 random ASCII data and 0.2% with a standard English text. 121 119 122 120 See also the \fB\-R\fR flag. … … 179 177 Fuzz the input of the \fBcat\fR program using default settings: 180 178 .PP 181 .RS 182 .nf 183 \fBzzuf cat /etc/motd\fR 184 .fi 185 .RE 179 \fB zzuf cat /etc/motd\fR 186 180 .PP 187 181 Fuzz 1% of the input bits of the \fBcat\fR program using seed 94324: 188 182 .PP 189 .RS 190 .nf 191 \fBzzuf -s 94324 -r 0.01 cat /etc/motd\fR 192 .fi 193 .RE 183 \fB zzuf -s 94324 -r 0.01 cat /etc/motd\fR 194 184 .PP 195 185 Fuzz the input of the \fBcat\fR program but do not fuzz the newline character 196 186 and prevent non-ASCII characters from appearing in the output: 197 187 .PP 198 .RS 199 .nf 200 \fBzzuf -P \(dq\\n\(dq -R \(dq\\0-\\x1f\\x7f-\\xff\(dq cat /etc/motd\fR 201 .fi 202 .RE 188 \fB zzuf -P \(aq\\n\(aq -R \(aq\\0-\\x1f\\x7f-\\xff\(aq cat /etc/motd\fR 203 189 .PP 204 190 Fuzz the input of the \fBconvert\fR program, using file \fBfoo.jpeg\fR as the … … 207 193 want \fBzzuf\fR to fuzz them): 208 194 .PP 209 .RS 210 .nf 211 \fBzzuf -E \(dq\\.xml$\(dq convert -- foo.jpeg -format tga /dev/null\fR 212 .fi 213 .RE 195 \fB zzuf -E \(aq\\.xml$\(aq convert -- foo.jpeg -format tga /dev/null\fR 214 196 .PP 215 197 Fuzz the input of \fBvlc\fR, using file \fBmovie.avi\fR as the original input 216 198 and restricting fuzzing to filenames that appear on the command line 217 (\fB\-c\fR), then generate \fBfuzzy-movie.avi\fR which is a file that can 218 be read by \fBvlc\fR to reproduce 
the same behaviour without using \fBzzuf\fR: 219 .PP 220 .RS 221 .nf 222 \fBzzuf -c -s 87423 -r 0.01 vlc movie.avi\fR 223 \fBzzuf -c -s 87423 -r 0.01 cp movie.avi fuzzy-movie.avi\fR 224 \fBvlc fuzzy-movie.avi\fR 225 .fi 226 .RE 227 .PP 228 Fuzz 2% of \fBmplayer\fR's input bits (\fB\-r 0.02\fR) with seeds 0 to 9999 229 (\fB\-s 0:10000\fR), disabling its standard output messages (\fB\-q\fR), 230 launching up to three simultaneous child processes (\fB\-F 3\fR), killing 231 \fBmplayer\fR if it takes more than one minute to read the file (\fB\-T 60\fR) 199 (\fB\-c\fR), then generate \fBfuzzy-movie.avi\fR which is a file that 200 can be read by \fBvlc\fR to reproduce the same behaviour without using 201 \fBzzuf\fR: 202 .PP 203 \fB zzuf -c -s 87423 -r 0.01 vlc movie.avi\fR 204 \fB zzuf -c -s 87423 -r 0.01 cp movie.avi fuzzy-movie.avi\fR 205 \fB vlc fuzzy-movie.avi\fR 206 .PP 207 Fuzz 2% of \fBmplayer\fR's input bits (\fB\-r\ 0.02\fR) with seeds 0 to 9999 208 (\fB\-s\ 0:10000\fR), disabling its standard output messages (\fB\-q\fR), 209 launching up to three simultaneous child processes (\fB\-F\ 3\fR), killing 210 \fBmplayer\fR if it takes more than one minute to read the file (\fB\-T\ 60\fR) 232 211 and disabling its \fBSIGSEGV\fR signal handler (\fB\-S\fR): 233 212 .PP 234 .RS 235 .nf 236 \fBzzuf -c -q -s 0:10000 -F 3 -T 60 -r 0.02 \\\fR 237 \fB mplayer -- -benchmark -vo null -fps 1000 movie.avi\fR 238 .fi 239 .RE 213 \fB zzuf -c -q -s 0:10000 -F 3 -T 60 -r 0.02 \\\fR 214 \fB mplayer -- -benchmark -vo null -fps 1000 movie.avi\fR 240 215 .SH BUGS 241 216 .PP
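Review bot: The two multi-line examples, new lines 203-205 (the three vlc commands) and 213-214 (the mplayer command ending in a backslash), are no longer inside .nf/.fi, so in fill mode the formatter can join them into one output line unless every source line forces a break. Keep .RS/.nf and .fi/.RE around these two examples, or separate the lines with .br, and check the result with man before committing.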
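Review bot: The rewritten EXAMPLES lines still use a bare hyphen for options (new line 183 "-s 94324 -r 0.01", and likewise 188, 195, 203-204 and 213), while the usage and OPTIONS lines touched by the same change use \- (new lines 33, 45 and 49). A bare hyphen can render as a typographic hyphen, which breaks copy and paste into a shell; since these lines are being rewritten anyway, escape them as \-s, \-r, \-P and so on.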
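Review bot: In the \-c description, new lines 44, 46, 48 and 50 appear to be empty source lines used to set the two commands apart. Blank lines in fill mode are turned into vertical space and are flagged by man page linters; use .IP, or .RS/.RE with .PP, around the two commands instead. The unchanged context at new line 43 also contains the typo "specifiying", which could be corrected in the same commit.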