Joshua Pereyda
Making a little fuzzer app is nicer than manually changing the code every time you want to change an IP address, port number, etc. The best method I can think...
## Problem Right now boofuzz makes you declare everything statically, so describing a data structure within your protocol and adding it to the current stack are one and the same...
User @kgwhitmer reported that the `ber_string` lego is working in Sulley but not boofuzz. Gitter log: https://gitter.im/jtpereyda/boofuzz?at=596a5399bf7e6af22cdf8e79 I don't know why a lego was used just for BER strings though,...
Add a feature to retry failures and determine whether boofuzz can reproduce them. A binary search approach that moves backwards starting with just the failing case, then it and one...
Issue reported by @Ramzeth, see Gitter chats [here](https://gitter.im/jtpereyda/boofuzz?at=58dbe88c8bb56c2d11564672). > @Ramzeth You bring up a good point... Boofuzz doesn't currently support a scenario where the receive step should be skipped >...
There are many cases where fuzzing a single field will exceed a size limit. For example, if a field in an IP or UDP packet gets super oversized, the UDP...
The post_send API is defined by a function, and it's not exceedingly intuitive. Consider using an interface instead. Inspired by this talk: [The End Of Object Inheritance & The Beginning...
Currently, boofuzz config is done by writing a Python script. When writing such scripts, it is natural to add command line arguments. This results in a lot of redundant fixture...
Before fuzzing, run a test case without mutations (test case zero) and verify all checks pass. Consider adding an option to test the reset functionality as well by resetting before...
https://github.com/minimaxir/big-list-of-naughty-strings Consider: Is there a way to include dependencies like this without hard-coding them in?