Grape: Generative Rule-Based Generic Stateful Fuzzing presented at CanSecWest 2011

by Nick Green (Fourteenforty)

Tags: Security

Summary: We present GRAPE, a rule-based, generative, stateful fuzzer. GRAPE generates fuzz-cases from scratch, and can interpret and incorporate responses to its fuzz-cases in subsequent generations. GRAPE uses a simple scapy-inspired syntax to define the structure of packets (or files, etc.) to be sent or received, and a YAML-inspired syntax to define the primitives used to build those structures. Fuzz-cases are arranged as scenarios to direct the generation of fuzz-cases past connections or log-ins, and towards vulnerable paths. This allows GRAPE to fuzz more complex protocols, like HTTP, or stateful protocols like SMTP.
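The generative, scenario-directed approach the summary describes, as an added illustration that is not GRAPE's code or its scapy/YAML-style syntax: a small Python fuzz-case generator whose scenario drives a constructed stand-in SMTP responder (`FakeSmtp`) through the greeting using valid defaults, fuzzes one field from a table of primitives, and reads each reply before deciding whether to advance. `PRIMITIVES`, `SMTP_SCENARIO` and `FakeSmtp` are all assumptions made for this example.

```python
# Toy scenario-driven stateful fuzzer (constructed example; not GRAPE code).
# A scenario is an ordered list of steps:
# (template, valid default, primitive to fuzz with, expected reply prefix).
PRIMITIVES = {
    "long": lambda: ["A" * n for n in (64, 512, 4096)],   # length boundaries
    "fmt":  lambda: ["%s%s%n", "%x" * 16],                 # format-string probes
}

SMTP_SCENARIO = [
    ("HELO {}\r\n",        "mx.example.test", "long", "250"),
    ("MAIL FROM:<{}>\r\n", "a@example.test",  "fmt",  "250"),
    ("RCPT TO:<{}>\r\n",   "b@example.test",  "long", "250"),
]

class FakeSmtp:
    """Stand-in target (constructed): enforces command order and the 512-octet line limit."""
    def __init__(self):
        self.state = "init"

    def handle(self, line):
        if len(line) > 512:
            return "500 line too long"
        verb = line.split(" ", 1)[0].rstrip("\r\n").upper()
        if verb == "HELO" and self.state == "init":
            self.state = "greeted"
            return "250 hello"
        if verb == "MAIL" and self.state == "greeted":
            self.state = "mail"
            return "250 ok"
        if verb == "RCPT" and self.state == "mail":
            return "250 ok"
        return "503 bad sequence of commands"

def run_scenario(scenario, fuzz_step, target_factory=FakeSmtp):
    """One session per fuzz value of the chosen step; earlier steps use their valid
    defaults, and a reply that does not match the expected prefix ends the session."""
    sessions = []
    for value in PRIMITIVES[scenario[fuzz_step][2]]():
        target = target_factory()          # fresh protocol state per fuzz-case
        trace = []
        for i, (tmpl, default, _prim, expect) in enumerate(scenario):
            line = tmpl.format(value if i == fuzz_step else default)
            reply = target.handle(line)
            trace.append((line, reply))
            if not reply.startswith(expect):   # response steers the generator
                break
        sessions.append(trace)
    return sessions
```

Each returned trace is a (line, reply) list, so a session that the target rejects early is visible as a short trace ending in the rejecting reply.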