Quick and dirty fuzzing

I’ve had some recent luck fuzzing authentication mechanisms for a number of databases using the protocol fuzzer “Mutiny” from Cisco Talos. My interest came from vulnerability disclosures seen at Hackerone attacking some relatively mature and robust platforms. This blog will quickly detail the steps to setup and configure mutiny to fuzz a remote service.

Download and install Mutiny from Cisco Talos at the link below

https://github.com/Cisco-Talos/mutiny-fuzzer

Mutiny is a protocol fuzzer that takes a PCAP as an argument and uses radamsa to mutate the traffic which it will replay while monitoring service availability. This is a relatively dumb fuzzer but it can be setup fairly quickly and has the benefit of working well with services that are otherwise “black boxes”.

Decent resource — https://medium.com/@maxi./finding-and-exploiting-cve-2018-7445-f3103f163cc1

— Stopped writing got lazy stay tuned —