1 | $Id: README 1530 2007-01-01 19:14:55Z sam $ |
---|
2 | |
---|
3 | 1. About Zzuf |
---|
4 | |
---|
5 | Zzuf is a transparent application input fuzzer. It works by intercepting |
---|
6 | file operations and changing random bits in the program's input. Zzuf's |
---|
7 | behaviour is deterministic, making it easy to reproduce bugs. |
---|
8 | |
---|
9 | |
---|
10 | 2. Example |
---|
11 | |
---|
12 | Fuzz the input of the "cat" program using default settings: |
---|
13 | |
---|
14 | # zzuf cat /etc/motd |
---|
15 | |
---|
16 | Fuzz 1% of the input bits of the "cat" program using seed 94324: |
---|
17 | |
---|
18 | # zzuf -s 94324 -r 0.01 cat /etc/motd |
---|
19 | |
---|
20 | Fuzz the input of the "convert" program, using file foo.jpeg as the original |
---|
21 | input and excluding .xml files from fuzzing (because convert will also open |
---|
22 | its own configuration files and we do not want zzuf to fuzz them): |
---|
23 | |
---|
24 | # zzuf -E '\.xml$' convert -- foo.jpeg -format tga /dev/null |
---|
25 | |
---|
26 | Fuzz the input of VLC, using file movie.avi as the original input and |
---|
27 | restricting fuzzing to filenames that appear on the command line, then |
---|
28 | generate fuzzy-movie.avi which is a file that can be fed to VLC to reproduce |
---|
29 | the behaviour without using zzuf: |
---|
30 | |
---|
31 | # zzuf -c -s 87423 -r 0.01 vlc movie.avi |
---|
32 | |
---|
33 | # zzuf -c -s 87423 -r 0.01 cp movie.avi fuzzy-movie.avi |
---|
34 | # vlc fuzzy-movie.avi |
---|
35 | |
---|
36 | Fuzz mplayer's input with seeds 0 to 9999 and kill processes that take more |
---|
37 | than one minute to read the movie file: |
---|
38 | |
---|
39 | # zzuf -c -q -s 0:10000 -T 60 -r 0.02 \ |
---|
40 | mplayer movie.avi -- -benchmark -vo null -fps 1000 |
---|
41 | |
---|
42 | Same as above with up to 15 simultaneous child processes because we are |
---|
43 | playing a sound file: |
---|
44 | |
---|
45 | # zzuf -c -F 15 -q -s 0:10000 -T 60 -r 0.02 \ |
---|
46 | mplayer song.mp3 -- -benchmark -ao null |
---|
47 | |
---|