Kodi Fuzzing ndi chiyani?

Intro: Kodi Fuzzing ndi chiyani?

Mu 2014, Chinese hackers adalowa mu Community Health Systems, gulu lachipatala la ku United States lochita phindu, ndipo linaba deta ya odwala 4.5 miliyoni. Obera adagwiritsa ntchito cholakwika chotchedwa Heartbleed chomwe chidapezeka mulaibulale yachinsinsi ya OpenSSL miyezi ingapo chisanachitike.

Heartbleed ndi chitsanzo cha gulu la zida zowukira zomwe zimalola owukira kuti akwaniritse zomwe akufuna potumiza zopempha zolakwika zovomerezeka kuti zitheke kuwunika koyambirira. Ngakhale akatswiri omwe amagwira ntchito m'magawo osiyanasiyana a pulogalamu amayesetsa kuti atsimikizire chitetezo chake, ndizosatheka kuganiza za zochitika zonse zapangodya zomwe zingathe kuswa pulogalamu kapena kuipangitsa kukhala pachiopsezo panthawi ya chitukuko.

Apa ndipamene 'fuzzing' imabwera.

Kodi Fuzzing Attack ndi chiyani?

Fuzzing, kuyesa kwa fuzz, kapena kuwukira movutikira, ndi njira yoyesera yodzipangira yokha yomwe imagwiritsidwa ntchito kudyetsa data mwachisawawa, yosayembekezereka, kapena yolakwika (yotchedwa fuzz) mu pulogalamu. Pulogalamuyi imayang'aniridwa pazinthu zachilendo kapena zosayembekezereka monga kusefukira kwa buffer, kuwonongeka, kukumbukira kukumbukira, kupachika kwa ulusi, ndi kuphwanya malamulo owerengera / kulemba. Chida cha fuzzing kapena fuzzer chimagwiritsidwa ntchito kuti awulule zomwe zimayambitsa khalidwe lachilendo.

Fuzzing imachokera ku lingaliro lakuti machitidwe onse ali ndi nsikidzi zomwe zikudikirira kuti ziwoneke, ndipo atha kupatsidwa nthawi yokwanira ndi zothandizira kutero. Makina ambiri ali ndi zowerengera zabwino kwambiri kapena zoletsa zotsimikizira zolowetsa oyimbira kugwiritsa ntchito zolakwika zilizonse mu pulogalamu. Komabe, monga tafotokozera pamwambapa, kuphimba milandu yonse yamakona panthawi yachitukuko kumakhala kovuta.

Ma fuzzers amagwiritsidwa ntchito pamapulogalamu omwe amalowetsa mokhazikika kapena okhala ndi malire odalirika. Mwachitsanzo, pulogalamu yomwe imavomereza mafayilo a PDF ingakhale ndi zovomerezeka zina kuti zitsimikize kuti fayiloyo ili ndi .pdf extension and parser kuti akonze fayilo ya PDF.

Fuzzer yogwira ntchito imatha kupanga zolowa zovomerezeka kuti zidutse malirewa koma osavomerezeka kupangitsa machitidwe osayembekezeka kupitilira pulogalamuyo. Izi ndizofunikira chifukwa kungotha kudutsa zovomerezeka sizitanthauza zambiri ngati palibe vuto linanso lomwe lachitika.

Ma Fuzzers amapeza ma vectors owukira ofanana kwambiri ndi kuphatikiza zokonda za jakisoni wa SQL, zolemba pamasamba, kusefukira kwa buffer, ndi kukana ntchito. Kuwukira konseku kumachitika chifukwa cholowetsa data yosayembekezereka, yosavomerezeka, kapena mwachisawawa mudongosolo.

Mitundu ya Fuzzers

Ma fuzzers akhoza kugawidwa kutengera zina:

Zolinga zowukira
Njira yopangira fuzz
Kudziwitsa za kamangidwe kake
Kudziwitsa za dongosolo la pulogalamu

1. Zolinga Zowukira

Gululi limatengera mtundu wa nsanja yomwe fuzzer ikugwiritsa ntchito kuyesa. Ma fuzzers amagwiritsidwa ntchito kwambiri ndi ma protocol a network ndi mapulogalamu apulogalamu. Pulatifomu iliyonse ili ndi mtundu wina wake wolowera womwe umalandira, motero imafunikira mitundu yosiyanasiyana ya fuzzers.

Mwachitsanzo, mukamagwira ntchito ndi mapulogalamu, kuyesayesa konse kosokoneza kumachitika pamakina osiyanasiyana a pulogalamuyo, monga mawonekedwe a ogwiritsa ntchito, terminal-line terminal, mafomu/zolowetsa zolemba, ndi kukweza mafayilo. Chifukwa chake zolowetsa zonse zopangidwa ndi fuzzer ziyenera kugwirizana ndi njira izi.

Ma fuzzers omwe amagwirizana ndi ma protocol olumikizirana amayenera kuthana ndi mapaketi. Ma fuzzers omwe amayang'ana nsanja iyi amatha kupanga mapaketi achinyengo, kapena kukhala ngati ma proxies kuti asinthe mapaketi omwe alandidwa ndikubwerezanso.

2. Fuzz Creation Njira

Ma fuzzers amathanso kugawidwa kutengera momwe amapangira deta kuti azitha kusokoneza. M'mbuyomu, ma fuzzers adapanga fuzz popanga data mwachisawawa kuyambira poyambira. Umu ndi momwe Pulofesa Barton Miller, woyambitsa njira iyi, adachitira poyamba. Mtundu uwu wa fuzzer umatchedwa a fuzzer yochokera m'badwo.

Komabe, ngakhale kuti munthu atha kupanga deta yomwe ingadutse malire odalirika, zingatenge nthawi yochuluka ndi zothandizira kuti achite zimenezo. Chifukwa chake njirayi imagwiritsidwa ntchito pamakina okhala ndi zida zosavuta zolowera.

Njira yothetsera vutoli ndikusintha zomwe zimadziwika kuti ndizovomerezeka kuti zitheke kupitilira malire odalirika, koma osavomerezeka kuti abweretse mavuto. Chitsanzo chabwino cha izi ndi a DNS fuzzer zomwe zimatenga dzina lachidziwitso kenako ndikupanga mndandanda waukulu wa mayina amtundu kuti muwone madera omwe angakhale oyipa omwe akulunjika eni ake omwe adatchulidwawo.

Njirayi ndi yanzeru kuposa yapitayi ndipo imachepetsa kwambiri zololeza zomwe zingatheke. Ma fuzzers omwe amagwiritsa ntchito njirayi amatchedwa fuzzers-based fuzzers.

Pali njira yachitatu yaposachedwa kwambiri yomwe imagwiritsa ntchito ma genetic ma aligorivimu kuti igwirizane ndi data ya fuzz yomwe ikufunika kuti muchotse zovuta. Imagwira ntchito poyeretsa mosalekeza deta yake ya fuzz, poganizira momwe deta iliyonse yoyesera ikuyendera ikalowetsedwa mu pulogalamu.

Ma seti ochita bwino kwambiri amachotsedwa padziwe la data, pomwe zabwino kwambiri zimasinthidwa ndi/kapena zimaphatikizidwa. Mbadwo watsopano wa data umagwiritsidwa ntchito kuyesanso fuzz. Ma fuzzers awa amatchedwa masinthidwe otengera masinthidwe fuzzers.

3. Kudziwitsa Zakuyika Kwadongosolo

Kugawanikaku kumatengera ngati fuzzer ikudziwa ndikugwiritsa ntchito mwachangu momwe pulogalamuyo imapangidwira popanga data ya fuzz. A fuzzer wosayankhula (fuzzer yomwe sadziwa momwe pulogalamu imalowetsedwera) imapanga fuzz mosasinthika. Izi zitha kuphatikiza ma fuzzers amtundu komanso masinthidwe.

Ngati fuzzer itaperekedwa ndi mtundu wolowetsa wa pulogalamu, fuzzer imatha kuyesa kupanga kapena kusintha data kuti igwirizane ndi mtundu womwe waperekedwa. Njirayi imachepetsanso kuchuluka kwa zinthu zomwe zimagwiritsidwa ntchito popanga deta yosavomerezeka. Mtundu woterewu umatchedwa a smart fuzzer.

4. Kudziwitsa za Kapangidwe ka Pulogalamu

Ma fuzzers amathanso kugawidwa kutengera ngati akudziwa momwe pulogalamuyo ikugwiritsidwira ntchito, ndikugwiritsa ntchito kuzindikira kumeneku kuthandiza kupanga deta ya fuzz. Ma fuzzers akagwiritsidwa ntchito kuyesa pulogalamu osamvetsetsa momwe ili mkati, imatchedwa kuyesa kwa black-box.

Zambiri za Fuzz zomwe zimapangidwa pakuyesa kwa bokosi lakuda nthawi zambiri zimakhala mwachisawawa pokhapokha ngati fuzzer ndi fuzzer yochokera ku masinthidwe, pomwe 'imaphunzira' poyang'anira momwe kugwedezeka kwake ndikugwiritsira ntchito. mudziwe kuti mukonzenso seti yake ya data ya fuzz.

Kuyesa kwa bokosi loyera kumbali ina kumagwiritsa ntchito chitsanzo cha mkati mwa pulogalamu kuti apange deta ya fuzz. Njira iyi imalola fuzzer kupita kumalo ovuta mu pulogalamu ndikuyesa.

Zida Zodziwika bwino za Fuzzing

Pali zambiri zosangalatsa zida kunja uko omwe amagwiritsidwa ntchito ndi oyesa cholembera. Zina mwazodziwika kwambiri ndi izi:

Zochepa Za Fuzzing

Ngakhale Fuzzing ndi njira yothandiza kwambiri yoyesera cholembera, ilibe zolakwika zake. Zina mwa izi ndi:

Zimatenga nthawi yayitali kuti ziyende.
Zowonongeka ndi machitidwe ena osayembekezereka omwe amapezeka poyesa pulogalamu yakuda akhoza kukhala ovuta, kapena zosatheka kusanthula kapena kukonza.
Kupanga ma tempuleti osinthika a ma fuzzer anzeru osinthika kumatha kukhala nthawi yambiri. Nthawi zina, sizingakhale zotheka chifukwa cholowetsamo kukhala eni ake kapena osadziwika.

Komabe, ndi chida chothandiza komanso chofunikira kwa aliyense amene akufuna kupeza nsikidzi pamaso pa oyipa.

Kutsiliza

Fuzzing ndi njira yamphamvu yoyesera cholembera yomwe ingagwiritsidwe ntchito kuvumbulutsa zovuta zamapulogalamu. Pali mitundu yosiyanasiyana ya ma fuzzers, ndipo ma fuzzers atsopano akupangidwa nthawi zonse. Ngakhale fuzzing ndi chida chothandiza kwambiri, ili ndi malire ake. Mwachitsanzo, ma fuzzers amatha kungopeza zovuta zambiri ndipo amatha kukhala ofunikira kwambiri. Komabe, ngati mukufuna kuyesa njira yodabwitsayi nokha, tili ndi a DNS Fuzzer API yaulere yomwe mungagwiritse ntchito papulatifomu yathu.

Ndiye mukuyembekezera chiyani?

Yambani kukangana lero!

Zilembo za Kobold: Ziwopsezo za HTML zochokera ku Email Phishing

April 18, 2024 No Comments

Makalata a Kobold: HTML-based Email Phishing Attacks Pa Marichi 31st 2024, a Luta Security adatulutsa nkhani yowunikira pa vector yatsopano yaukadaulo, Kobold Letters.

Werengani zambiri "

Google ndi The Incognito Myth

April 10, 2024 No Comments

Google ndi The Incognito Myth Pa Epulo 1 2024, Google idavomera kuthetsa mlandu powononga mabiliyoni a mbiri yakale yomwe yasonkhanitsidwa kuchokera ku Incognito mode.

Werengani zambiri "

Maadiresi a MAC ndi MAC Spoofing: Buku Lokwanira

April 6, 2024 No Comments

Ma adilesi a MAC ndi MAC Spoofing: Maupangiri Athunthu Kuchokera pakuthandizira kulumikizana mpaka kulumikizana kotetezeka, ma adilesi a MAC amagwira ntchito yofunika kwambiri pakuzindikiritsa zida.

Werengani zambiri "

Kodi Fuzzing ndi chiyani?

Intro: Kodi Fuzzing ndi chiyani?

Kodi Fuzzing Attack ndi chiyani?

Mitundu ya Fuzzers

1. Zolinga Zowukira

2. Fuzz Creation Njira

3. Kudziwitsa Zakuyika Kwadongosolo

4. Kudziwitsa za Kapangidwe ka Pulogalamu

Zida Zodziwika bwino za Fuzzing

Zochepa Za Fuzzing

Kutsiliza

Zilembo za Kobold: Ziwopsezo za HTML zochokera ku Email Phishing

Google ndi The Incognito Myth

Maadiresi a MAC ndi MAC Spoofing: Buku Lokwanira

Services

Kampani Yathu

Adilesi Yathu

Solutions

Security FAQ

Media Social