Date: Fri, 27 Mar 2015 22:55:59 +0800 From: Kai Zhao <loverszhao@...il.com> To: john-dev@...ts.openwall.com Subject: Fuzz command options Hi all, I am glad to introduce my simple project: Fuzz Options, which has found 11 bugs by fuzzing command options, several are segfault and most are asan error. Fuzz Options tries to combine all the parameters and send them to john to run, once there is a crash, the parameters will be written to ./crashes file. For more information please read: https://github.com/loverszhaokai/JohnTheRipper/tree/fuzzing/fuzz/fuzz_options Currently, Fuzz Options only combines parameters offered by us without changing the parameter values. Do we need to mutate the values of parameters? For example, we provide --max-run-time=1 in the parameter config file, do we need to mutate "1", such as copy four times: --max-run-time=11111 I thinks we need, but there maybe too many test cases. Traditional fuzzing only fuzz single input data. Do we need multidimensional fuzzing namely fuzz several input data at the same time (e.g., fuzz both hashes and command options at the same time). Thanks for your time, Kai Content of type "text/html" skipped
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.