Changeset 1865 for zzuf


Ignore:
Timestamp:
Nov 3, 2007, 1:14:40 AM (13 years ago)
Author:
Sam Hocevar
Message:
  • Documentation updates.
File:
1 edited

Legend:

Unmodified
Added
Removed
  • zzuf/trunk/doc/zzuf.1

    r1860 r1865  
    5252and commas between ranges. If the right-hand part of a range is ommited, it
    5353means end of file. For instance, to restrict fuzzing to bytes 0, 3, 4, 5 and
    54 all bytes after offset 31, use \(oq\fB\-r0,3-5,31-\fR\(cq.
     54all bytes after offset 31, use \(oq\fB\-r0,3\-5,31\-\fR\(cq.
    5555
    5656This option is useful to preserve file headers or corrupt only a specific
     
    142142all subsequent file descriptors. For instance, to restrict fuzzing to the
    143143first opened descriptor and all descriptors starting from the 10th, use
    144 \(oq\fB\-p1,10-\fR\(cq.
     144\(oq\fB\-l1,10\-\fR\(cq.
    145145
    146146Note that this option only affects file descriptors that would otherwise be
    147147fuzzed. Even if 10 write-only descriptors are opened at the beginning of the
    148148program, only the next descriptor with a read flag will be the first one
    149 considered by the \fB\-p\fR flag.
     149considered by the \fB\-l\fR flag.
    150150.TP
    151151\fB\-m\fR, \fB\-\-md5\fR
     
    154154untouched.
    155155.TP
    156 \fB\-M\fR, \fB\-\-max-memory\fR=\fImegabytes\fR
     156\fB\-M\fR, \fB\-\-max\-memory\fR=\fImegabytes\fR
    157157Specify the maximum amount of memory, in megabytes, that children are allowed
    158158to allocate. This is useful to detect infinite loops that eat up a lot of
     
    165165\fB\-n\fR, \fB\-\-network\fR
    166166Fuzz the application's network input. By default \fBzzuf\fR only fuzzes files.
     167
     168Only INET (IPv4) and INET6 (IPv6) connections are fuzzed. Other protocol
     169families are not yet supported.
    167170.TP
    168171\fB\-p\fR, \fB\-\-ports\fR=\fIranges\fR
     
    175178and commas between ranges. If the right-hand part of a range is ommited, it
    176179means end of file. For instance, to restrict fuzzing to the HTTP and HTTPS
    177 ports and to all unprivileged ports, use \(oq\fB\-p80,443,1024-\fR\(cq.
     180ports and to all unprivileged ports, use \(oq\fB\-p80,443,1024\-\fR\(cq.
    178181
    179182This option requires network fuzzing to be activated using \fB\-n\fR.
     
    240243\fB\-R\fR, \fB\-\-refuse\fR=\fIlist\fR
    241244Refuse a list of characters by not fuzzing bytes that would otherwise be
    242 changed to a character that is in \fIlist\fR. If the original byte is already
    243 in \fIlist\fR, it is left unchanged.
     245changed to a character that is in \fIlist\fR. This does not prevent characters
     246from appearing in the output if the original byte was already in \fIlist\fR.
    244247
    245248See the \fB\-P\fR option for a description of \fIlist\fR.
     
    355358and open it in Firefox\(tm in auto-increment mode (\fB\-A\fR):
    356359.PP
    357 \fB    seq -f \(aq<img src="hello.jpg#%g">\(aq 1 200 > hello.html\fR
    358 .br
    359       (or: \fBjot -w \(aq<img src="hello.jpg#%d">\(aq 200 1 > hello.html\fR)
    360 .br
    361 \fB    zzuf -A -I \(aqhello[.]jpg\(aq -r0.001 firefox hello.html\fR
     360\fB    seq \-f \(aq<img src="hello.jpg#%g">\(aq 1 200 > hello.html\fR
     361.br
     362      (or: \fBjot \-w \(aq<img src="hello.jpg#%d">\(aq 200 1 > hello.html\fR)
     363.br
     364\fB    zzuf \-A \-I \(aqhello[.]jpg\(aq \-r0.001 firefox hello.html\fR
    362365.PP
    363366Run a simple HTTP redirector on the local host using \fBsocat\fR and
     
    366369.PP
    367370\fB     zzuf \-n \-A \-b1000000\- \\\fR
    368 \fB       socat TCP4-LISTEN:8080,reuseaddr,fork TCP4:192.168.1.42:80\fR
     371\fB       socat TCP4\-LISTEN:8080,reuseaddr,fork TCP4:192.168.1.42:80\fR
     372.PP
     373Browse the intarweb (\fB\-n\fR) using Firefox\(tm without fuzzing local files
     374(\fB\-E.\fR) or non-HTTP connections (\fB\-p80,8010,8080\fR), preserving
     375the beginning of the data sent with each HTTP response (\fB\-b4000\-\fR)
     376and using another seed on each connection (\fB\-A\fR):
     377.PP
     378\fB    zzuf \-r 0.0001 \-n \-E. \-p80,8010,8080 \-b4000\- \-A firefox\fR
    369379.SH RESTRICTIONS
    370380.PP
Note: See TracChangeset for help on using the changeset viewer.