This blog post is authored by James Spadaro of Cisco ASIG and Lilith Wyatt of Cisco Talos.
Imagine a scenario where you, as a vulnerability researcher, are tasked with auditing a network application to identify vulnerabilities. By itself, the task may not seem too daunting until you learn of a couple conditions and constraints: you have very little information to work off of on how the network applications operates, how the protocols work, and you have a limited amount of time to conduct your evaluation. What do you do?
In these scenarios, searching for and identifying vulnerabilities in network applications can be a monumental task. Fuzzing is one testing method that researchers may use in these cases to test software and find vulnerabilities in an efficient manner. However, the question that then comes up is how does one fuzz quickly and effectively?
Enter the Mutiny Fuzzing Framework and the Decept Proxy.