Version 1.4
New to version 1.4:
- FuzzwareDBG: A debugger written using the Microsoft Debug Engine (http://msdn.microsoft.com/en-us/library/cc265851.aspx). FuzzwareDBG.exe can be invoked as a local server (out-of-proc) COM component and also works as a post-mortem (just-in-time) debugger. FuzzwareDBG logs exceptions and a crash dump in a directory hierarchy of the form 'exe_name\exception_type\exception_address'.
- Evaluate: When output to an executable you can now choose to run that executable in FuzzwareDBG.
- Monitoring: FuzzwareDBG can be enabled as the post-mortem debugger. The previous post-mortem debugger is restored when fuzzing is finished.
- Common: If Schemer runs for more than a day, when a log entry is written on the new day, the new day is also logged. This will make it easier to keep track of when interesting fuzzing events occur.
- Evaluate: Added [workingdir] token that can be used with the OutputToExe command line. This means "[workingdir]\[filename]" expands to the full path of the testcase. Previously this required manually entering the Fuzzware directory.
- Examples: Added fuzzing examples for MP4, 3GP and MOV file formats.
The help file also includes the list of bug fixes.
You can download Fuzzware (package including Schemer, Fuzzsaw and FuzzwareDBG) here.Version 1.3.1
New to version 1.3.1:
- Schemer: New fuzzers for Integer types: AddInteger, SubtractInteger, MultiplyInteger and DivideInteger. These use the current value of the node along with the value specified in the ValueGroup.
- Examples: Added example for AVI. Note that there are numerous programs that generate AVI files that are not consistent with the AVI format, so while the XSD provided will work for some, it won't work for everything. Hopefully only a minimal change to the XSD would be required to get a particular AVI file converted.
- ConvertFromXML: Added 'FormatXML' option. When outputting XML, if true this will format the XML with line breaks and indenting.
- Fuzzsaw: Checkbox to always save the configuration file when you run Schemer, default is checked.
The help file also includes the list of bug fixes.
You can download Fuzzware (package including Schemer and Fuzzsaw) here.Version 1.3
New to version 1.3:
- Fuzzsaw. A new GUI for configuring Schemer. Just load up the Configuration.xml file into Fuzzsaw and gain easy access to all of Schemer's options. If using Convert2XML you can watch the conversion in real time. Schemer can also be lauched from Fuzzsaw. (Fuzzsaw is written in the WPF and so needs the .Net 3.5 framework)
- Random fuzzing. You can choose random fuzzers for integer, decimal and binary data types. The seed value is logged so to repeat the same sequence of random values enter the seed in the StartState FuzzIndex. To repeat a particular case just use it's FuzzIndex.
- PDML support. If you save a network packet using WireShark in PDML format, Schemer will automatically create an XSD and XML file describing the data. So there is virtually zero effort to fuzz a single network packet.
- Extensibility. Schemer is now more extensible and it's simpler to extend it.
- Fuzzing XML attributes is now fully supported, they are treated identically to XML element simple types.
A detailed help file has also been included. The help is example based, showing how to set up the reference fuzzing examples, which include
- BMP
- HTTP
- PDML
- TLS (unencrypted handshake)
- WAV
- WinRar
- XHTML
- XPS
Schemer
Schemer is a generic file and protocol fuzzer. Schemer requires
an XML Schema describing the format of the data and an example or test
case of the data to be fuzzed. Schemer makes available certain
ways in which the data can be fuzzed, but lets the user specify the
values used. For example, Schemer lets you replace strings with
long strings, but the user has to specify the lengths used.
Schemer can output the fuzzed data in a variety of ways; to file, to an
application, to the network, or to code provided by the user.
Schemer can also monitor the software that is the target of the fuzzed
data and record all test cases that affect the target.
Some examples have been included with Schemer to demonstrate how it can
be used. The examples are a great place to start, in conjunction
with the help documentation, to get a feel for using Schemer and to get the
most out of it.
Schemer requires the .Net framework and is currently a command line
application, although it only takes 1 argument, the configuration file.
You can download Schemer here.