Fuzzing with Radamsa in BlackArch
Fuzzing with Radamsa in BlackArch
When looking for new vulnerabilities, fuzzing, is a great technique to crash apps with unexpected data, learn how to do it.
Radamsa is a test case generator, it receives some input data and then it scrambles it to return some random data. Random is truly random, that means that you can even receive the same string :)
Unfortunately radamsa doesn’t come by default in BlackArch nor Kali Linux, so we have to build it and install it from its source code.
To install radamsa, first we have to clone the repository from Gitlab:
git clone https://gitlab.com/akihe/radamsa.gitEnter that directory and compile:
cd radamsa
make
sudo make installNow we are ready to use it.
The way radamsa works it is very simple, it receives some input from stdin, then it scrambles the data randomly and output it to stdout.
Some examples:
>>> echo "Hello world" | radamsa | xxd
00000000: 4865 6c6c 6f20 776e 726c 640a Hello wnrld.>>> echo "Hello world" | radamsa | xxd
00000000: 4865 6c6c 6f20 776f f3a0 f3a0 f3a0 80a2 Hello wo........
00000010: 8185 726c 6409 ..rld.>>> echo "Hello world" | radamsa | xxd
00000000: 4865 6c6c 6f20 776f 6f6f 6f6f 6f6f 6f6f Hello wooooooooo
00000010: 6f6f 6f6f 6f6f 6f6f 6f6f 6f6f 6f6f 6f6f oooooooooooooooo
00000020: c2a0 6ff3 a080 bc6f 776f 206f 6f6f 6f6f ..o....owo ooooo
00000030: 6f6f 6f6f 6f6f 6f6f 6f6f 6f6f 6f6f 6f6f oooooooooooooooo
00000040: 6f6f 6f6f 6f6f 6f6f 6f6f 6f6f 6f6f 6f6f oooooooooooooooo
00000050: 6f6f 6f6f 6f6f 6f6f 6f6f 6f6f 6f6f 6f6f oooooooooooooooo
00000060: 6f6f 6f6f 6f6f 6f6f 6f6f 6f6f 6f6f 6f6f oooooooooooooooo
00000070: 6f6f 6f6f 6f6f 6f6f 6f6f 6f6f 6f6f 6f6f oooooooooooooooo
00000080: 6f6f 6f6f 6f6f 6f6f 2077 6ff3 a080 a7e2 oooooooo wo.....
00000090: 8087 640a ..d.>>> echo "Hello world" | radamsa | xxd
00000000: 6f20 776f 726c 640a o world.>>> echo "Hello world" | radamsa | xxd
00000000: 4864 0a Hd.We use xxd command to show hexadecimal codes in case there are non-printable characters.
If we do not specify -o parameter the data will be sent to stdout. However, we can save it in a file with -o output.bin parameter:
echo "some random string 123456789" | radamsa -o output.binThat’s great for local fuzzing, but what happens when we are trying to fuzz some network service.
One simple trick would be using netcat to pipe the output to the target service. In this case host 192.168.1.12 on port 8080:
echo "some random string 123456789" | radamsa | nc 192.168.1.12 8080But we can send data simpler and directly using radamsa network support:
echo "some random string 123456789" | radamsa -o 192.168.1.12:8080If that wasn’t enough, we can also specify if we want to send the data to some UDP service:
echo "some random string 123456789" | radamsa -o 192.168.1.1:123/udpOverall, a good tool to assess robustness on data filtering in either local applications or network services.