Hackers of India

Software Fuzzing with Wireplay.

Abhisek Datta

2010/02/25

Abstract

This paper will present a very simple (for people experienced in programming) yet powerful idea for easy and rapid blind fuzzing of network-based applications. Theoretically, fuzzing involves supplying an invalid and/or semi-invalid input set to the target application and monitoring for possible faults. Given the wide variety of network-based software available, each implementing a different protocol, writing a dedicated fuzzer for every protocol is more thorough but quite time consuming. Wireplay can be used as a quick approach to preliminary fuzzing of applications implementing totally unknown or custom protocols. The fundamental concept of Wireplay is to read pcap dumps of valid communication between the target server and its original client application, modify the original client-to-server data to introduce possible faults in the server, and replay it to the server. Wireplay communicates with the server over a stream socket and uses only the TCP payload part of the pcap dumps, so it avoids all the internal details of handling TCP and keeps itself minimal and simple.
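The abstract describes the whole pipeline in one sentence: parse a pcap, keep only the TCP payloads the original client sent to the server, mutate them, and replay them over a plain stream socket. The following is an added example (not Wireplay's own code, which was not released at the time of this abstract) that implements that pipeline in pure Python. The capture is constructed in memory rather than read from disk, the service port (8080) and the loopback stand-in server are assumptions for the demonstration, and the three mutation cases are illustrative choices, not the tool's strategy.

```python
import socket
import struct
import threading

SERVER_PORT = 8080  # hypothetical service port appearing in the constructed capture


def _tcp_frame(src_port, dst_port, payload):
    """Build an Ethernet/IPv4/TCP frame around payload. Checksums are left as zero:
    the parser below never validates them, mirroring the abstract's point that only
    the TCP payload matters for replay."""
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0x4000, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return eth + ip + tcp + payload


def build_sample_pcap():
    """Constructed pcap (little-endian, link type 1 = Ethernet) with two
    client->server segments and one server->client reply in between."""
    global_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    frames = [
        _tcp_frame(40000, SERVER_PORT, b"HELLO client-v1\n"),
        _tcp_frame(SERVER_PORT, 40000, b"OK\n"),
        _tcp_frame(40000, SERVER_PORT, b"GET record 42\n"),
    ]
    out = bytearray(global_hdr)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1000 + i, 0, len(frame), len(frame)) + frame
    return bytes(out)


def extract_payloads(pcap_bytes, server_port):
    """Return the non-empty TCP payloads addressed to server_port, in capture order.
    Handles little-endian pcap over Ethernet/IPv4 only; pure ACKs are skipped."""
    magic, = struct.unpack_from("<I", pcap_bytes, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("only little-endian microsecond pcap is handled here")
    link_type, = struct.unpack_from("<I", pcap_bytes, 20)
    if link_type != 1:
        raise ValueError("expected Ethernet link type")
    off, payloads = 24, []
    while off + 16 <= len(pcap_bytes):
        _, _, incl_len, _ = struct.unpack_from("<IIII", pcap_bytes, off)
        frame = pcap_bytes[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
            continue
        ihl = (frame[14] & 0x0F) * 4
        if frame[14 + 9] != 6:  # IP protocol 6 = TCP
            continue
        total_len = struct.unpack_from("!H", frame, 16)[0]
        segment = frame[14 + ihl: 14 + total_len]
        if len(segment) < 20:
            continue
        _, dst_port = struct.unpack_from("!HH", segment, 0)
        data_off = (segment[12] >> 4) * 4
        payload = segment[data_off:]
        if dst_port == server_port and payload:
            payloads.append(payload)
    return payloads


def mutate(payload, case):
    """Three blind mutations: an oversized field, an injected NUL, and bit flips."""
    if case == "overlong":
        return payload.replace(b" ", b" " + b"A" * 4096, 1)
    if case == "nul":
        mid = len(payload) // 2
        return payload[:mid] + b"\x00" + payload[mid:]
    if case == "flip":
        return bytes(b ^ 0xFF for b in payload)
    return payload


def replay(host, port, payloads, timeout=3.0):
    """Send each payload over one stream socket and collect replies. A timeout or
    reset is recorded as None, which is the fault signal a blind fuzzer watches for."""
    results = []
    with socket.create_connection((host, port), timeout=timeout) as s:
        for p in payloads:
            s.sendall(p)
            try:
                results.append(s.recv(65536))
            except (socket.timeout, ConnectionResetError):
                results.append(None)
    return results


def start_toy_server():
    """Loopback stand-in for the target (assumed): replies with the request length."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                while data := conn.recv(65536):
                    conn.sendall(b"len=%d\n" % len(data))

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    port = start_toy_server()
    originals = extract_payloads(build_sample_pcap(), SERVER_PORT)
    for case in ("none", "overlong", "nul", "flip"):
        print(case, replay("127.0.0.1", port, [mutate(p, case) for p in originals]))
```

Each mutation case gets a fresh connection, which keeps one crashed or wedged session from masking the next result; in a real run the `None` entries (and any connection refused afterwards) are what you correlate with the server's crash logs.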

The author also intends to release the code for Wireplay at http://code.google.com/p/wireplay/ on or before the day of the conference.