Changeset 1865 for zzuf/trunk/doc/zzuf.1
- Timestamp:
- Nov 3, 2007, 1:14:40 AM (15 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
zzuf/trunk/doc/zzuf.1
r1860 r1865 52 52 and commas between ranges. If the right-hand part of a range is ommited, it 53 53 means end of file. For instance, to restrict fuzzing to bytes 0, 3, 4, 5 and 54 all bytes after offset 31, use \(oq\fB\-r0,3 -5,31-\fR\(cq.54 all bytes after offset 31, use \(oq\fB\-r0,3\-5,31\-\fR\(cq. 55 55 56 56 This option is useful to preserve file headers or corrupt only a specific … … 142 142 all subsequent file descriptors. For instance, to restrict fuzzing to the 143 143 first opened descriptor and all descriptors starting from the 10th, use 144 \(oq\fB\- p1,10-\fR\(cq.144 \(oq\fB\-l1,10\-\fR\(cq. 145 145 146 146 Note that this option only affects file descriptors that would otherwise be 147 147 fuzzed. Even if 10 write-only descriptors are opened at the beginning of the 148 148 program, only the next descriptor with a read flag will be the first one 149 considered by the \fB\- p\fR flag.149 considered by the \fB\-l\fR flag. 150 150 .TP 151 151 \fB\-m\fR, \fB\-\-md5\fR … … 154 154 untouched. 155 155 .TP 156 \fB\-M\fR, \fB\-\-max -memory\fR=\fImegabytes\fR156 \fB\-M\fR, \fB\-\-max\-memory\fR=\fImegabytes\fR 157 157 Specify the maximum amount of memory, in megabytes, that children are allowed 158 158 to allocate. This is useful to detect infinite loops that eat up a lot of … … 165 165 \fB\-n\fR, \fB\-\-network\fR 166 166 Fuzz the application's network input. By default \fBzzuf\fR only fuzzes files. 167 168 Only INET (IPv4) and INET6 (IPv6) connections are fuzzed. Other protocol 169 families are not yet supported. 167 170 .TP 168 171 \fB\-p\fR, \fB\-\-ports\fR=\fIranges\fR … … 175 178 and commas between ranges. If the right-hand part of a range is ommited, it 176 179 means end of file. For instance, to restrict fuzzing to the HTTP and HTTPS 177 ports and to all unprivileged ports, use \(oq\fB\-p80,443,1024 -\fR\(cq.180 ports and to all unprivileged ports, use \(oq\fB\-p80,443,1024\-\fR\(cq. 178 181 179 182 This option requires network fuzzing to be activated using \fB\-n\fR. … … 240 243 \fB\-R\fR, \fB\-\-refuse\fR=\fIlist\fR 241 244 Refuse a list of characters by not fuzzing bytes that would otherwise be 242 changed to a character that is in \fIlist\fR. If the original byte is already243 in \fIlist\fR, it is left unchanged.245 changed to a character that is in \fIlist\fR. This does not prevent characters 246 from appearing in the output if the original byte was already in \fIlist\fR. 244 247 245 248 See the \fB\-P\fR option for a description of \fIlist\fR. … … 355 358 and open it in Firefox\(tm in auto-increment mode (\fB\-A\fR): 356 359 .PP 357 \fB seq -f \(aq<img src="hello.jpg#%g">\(aq 1 200 > hello.html\fR358 .br 359 (or: \fBjot -w \(aq<img src="hello.jpg#%d">\(aq 200 1 > hello.html\fR)360 .br 361 \fB zzuf -A -I \(aqhello[.]jpg\(aq-r0.001 firefox hello.html\fR360 \fB seq \-f \(aq<img src="hello.jpg#%g">\(aq 1 200 > hello.html\fR 361 .br 362 (or: \fBjot \-w \(aq<img src="hello.jpg#%d">\(aq 200 1 > hello.html\fR) 363 .br 364 \fB zzuf \-A \-I \(aqhello[.]jpg\(aq \-r0.001 firefox hello.html\fR 362 365 .PP 363 366 Run a simple HTTP redirector on the local host using \fBsocat\fR and … … 366 369 .PP 367 370 \fB zzuf \-n \-A \-b1000000\- \\\fR 368 \fB socat TCP4-LISTEN:8080,reuseaddr,fork TCP4:192.168.1.42:80\fR 371 \fB socat TCP4\-LISTEN:8080,reuseaddr,fork TCP4:192.168.1.42:80\fR 372 .PP 373 Browse the intarweb (\fB\-n\fR) using Firefox\(tm without fuzzing local files 374 (\fB\-E.\fR) or non-HTTP connections (\fB\-p80,8010,8080\fR), preserving 375 the beginning of the data sent with each HTTP response (\fB\-b4000\-\fR) 376 and using another seed on each connection (\fB\-A\fR): 377 .PP 378 \fB zzuf \-r 0.0001 \-n \-E. \-p80,8010,8080 \-b4000\- \-A firefox\fR 369 379 .SH RESTRICTIONS 370 380 .PP
Note: See TracChangeset
for help on using the changeset viewer.