Introduction
ProDisFuzz (Protocol Dissection Fuzzer) is an open source fuzzing tool. It tests a remote server application with malformed input data to discover vulnerabilities in the target software, with the help of a couple of bioinformatics algorithms. One of its cool features is the ability to “learn” the protocol structure used for communication between the client and the server and to use this structure for generating new fuzz data. Additionally, unlike most fuzzing frameworks, ProDisFuzz comes with a built-in GUI to make the testing process as easy as possible.
At the moment ProDisFuzz is more a proof of concept than an exhaustive fuzzing framework, but this will change in the future, as it will be under active development.
Features
- Support of stateless TCP protocols
- Protocol structure can be learned by reading sample captures
- The protocol structure is transformed to an XML format
- Protocol is divided into fixed and variable parts
- Combination of generation-based, library-based and random-based fuzz data
- Crashes are detected by remote monitoring of the server
- Report generation by collecting information about possible crashes
- Usage of bioinformatics algorithms
- Simple GUI
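The split into fixed and variable parts listed above can be illustrated with a pairwise global alignment of two sample captures. This is an added example, not ProDisFuzz code: the page does not name its algorithms, so the Needleman-Wunsch alignment, the scoring values, the function names and the constructed captures are all assumptions.

```python
# Added illustration; the algorithm choice and scoring are assumptions, not ProDisFuzz's own.
MATCH, MISMATCH, GAP = 2, -1, -2  # assumed scoring values

def _sub(x, y):
    return MATCH if x == y else MISMATCH

def align(a: bytes, b: bytes):
    """Needleman-Wunsch global alignment. Returns (x, y) byte pairs; None marks a gap."""
    n, m = len(a), len(b)
    score = [[0] * (m + 1) for _ in range(n + 1)]
    for i in range(1, n + 1):
        score[i][0] = i * GAP
    for j in range(1, m + 1):
        score[0][j] = j * GAP
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            score[i][j] = max(score[i - 1][j - 1] + _sub(a[i - 1], b[j - 1]),
                              score[i - 1][j] + GAP,
                              score[i][j - 1] + GAP)
    # Trace back from the bottom-right cell to recover one optimal alignment.
    pairs, i, j = [], n, m
    while i > 0 or j > 0:
        if i > 0 and j > 0 and score[i][j] == score[i - 1][j - 1] + _sub(a[i - 1], b[j - 1]):
            pairs.append((a[i - 1], b[j - 1]))
            i, j = i - 1, j - 1
        elif i > 0 and score[i][j] == score[i - 1][j] + GAP:
            pairs.append((a[i - 1], None))
            i -= 1
        else:
            pairs.append((None, b[j - 1]))
            j -= 1
    pairs.reverse()
    return pairs

def dissect(a: bytes, b: bytes):
    """Collapse the alignment into ('fixed', bytes) and ('variable', None) blocks."""
    blocks = []
    for x, y in align(a, b):
        kind = "fixed" if x is not None and x == y else "variable"
        if blocks and blocks[-1][0] == kind:
            if kind == "fixed":
                blocks[-1] = (kind, blocks[-1][1] + bytes([x]))
        else:
            blocks.append((kind, bytes([x]) if kind == "fixed" else None))
    return blocks

# Constructed sample captures of a line-based request
CAPTURE_A = b"USER alice\r\n"
CAPTURE_B = b"USER bob\r\n"
```

A fuzzer built on such a split would keep the fixed blocks intact so the message still parses, and inject generated data only into the variable blocks.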
GitHub Statistics
Progress
Upcoming Milestone | Issues (closed/open) | Last Update | Due on
---|---|---|---
Purple Planks | 0/1 | Apr. 15, 2018 | Mar. 01, 2022
Yellow Bee | 0/2 | Apr. 15, 2018 | Mar. 01, 2021
Shady Tree | 0/2 | Apr. 15, 2018 | Dec. 01, 2020
Colorful Leaf | 7/17 | Apr. 15, 2018 | Sep. 30, 2020
Support
If you have questions or comments about ProDisFuzz, you can send mail to vnebelung@prodisfuzz.net or create tickets on the GitHub page.
Developers
Volker Nebelung, vnebelung@prodisfuzz.net