ProDisFuzz

Future updates of ProDisFuzz will contain much better fuzzing options regarding potential targets than it does in version 3. Especially the handling of system processes (starting, stopping, monitoring, …) will advance when Java 9 is released.

In Java 9 the process API for controlling system processes will be improved (more information here). Managing processes is pretty complex and OS dependent. As ProDisFuzz is right now based on Java 8 the capabilities of handling system processes is too limited to give satisfying fuzzing results.

I will work on an improved fuzzing implementation for ProDisFuzz as soon as Java 9 becomes available.

In the last months I have created unit tests based on TestNG as this project is getting more and more complex. The test creation will be completed in the next few weeks.

After this the next steps will be:

• Separate the monitor component from the main program and create a communication protocol,
• Extend the fuzz testing capabilities.

The new version with the code name “Red Fish” is released today. The build depends on JavaFX, so Java Runtime Environment 8 or above is required. The new release will check automatically for an update at every start if an online connection is available.

The internal build process is now based on Maven so the source structure at https://github.com/vnebelung/ProDisFuzz reflects this.

The binary can be found in the Download section.

The next version of ProDisFuzz will be released in April 2014 because its GUI will be changed to JavaFX. In Java 7 the GUI elements of JavaFX are still quite limited, so it is the best to wait for Java 8 in March where the GUI capabilities will be enhanced.

A new version of ProDisFuzz was uploaded to GitHub at https://github.com/vnebelung/ProDisFuzz.

This release “Green River” contains major code changes, which are necessary for further enhancements of the fuzzer. Most of this changes are not directly visible but you will notice that the UI is no longer based on SWT but on Swing which results in several performance boosts.

Based on this version ProDisFuzz new features, bug fixes and changes are now added step by step. New releases will follow every couple of weeks. A binary for all major operation systems can be found here.

Preview for the next releases of ProDisFuzz:

Currently I am working on major structural changes within the code to make it more flexible towards future development and enhancements.

Additionally I will change the view from SWT to Swing hoping to get significant performance boosts while displaying some windows.

Today prodisfuzz.net is launched. A (still) rudimentary documentation of the Protocol Dissection Fuzzer is available as well as the source code on GitHub.

If you are interested in the fuzzer and have questions or comments about the program itself or its algorithmic backgrounds, leave a comment or contact me.