
The Design And Implementation Of Fuzzing Tool

Posted on: 2011-12-18; Degree: Master; Type: Thesis
Country: China; Candidate: Z L Li; Full Text: PDF
GTID: 2178360308462345; Subject: Cryptography
Abstract/Summary:
As society becomes increasingly information-based, software security issues are becoming increasingly acute. A security vulnerability is a failure mode of software, and the existence of such vulnerabilities makes software easy for others to attack. Once software has been successfully attacked, the system may be paralyzed, and the harm may be greater still, so such vulnerabilities should be avoided. To avoid this situation, it is better to test software before it is released and to try as hard as possible to find bugs and vulnerabilities. The real situation, however, is that a lot of software is not rigorously tested before being placed on the market.

Fuzz testing is a very good method for vulnerability testing and test automation, but its effectiveness depends on the test data it uses. The test data that fuzzing tools use is too simple, and their methods of generating data are too weak. A regular expression is one kind of description of a regular language; it is widely used in pattern matching and is supported by many programming languages.

This article gives a new use of regular expressions: transforming a regular expression into data that matches it. Because regular expressions are descriptively powerful, they are well suited to describing structured data. This article designs a complete definition of this kind of data-generating regular expression, which is named the "regular generating expression", and implements the code to transform a regular generating expression.

Based on the regular generating expression, this article designs and implements two fuzzing test frameworks, each of which generates its test data from regular generating expressions. Both frameworks are easy to extend. The first can be extended by providing a dynamic library that implements the required interface, and the second is extended by providing a Python script.

With these two frameworks, the tester can easily concentrate on the protocol problems of the target and design the test data. As a result, it is very easy to find vulnerabilities in the target. At the end of this article, I tested a target software with the fuzzing tools above, and the result is good.
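The central idea of the abstract, turning a regular expression into data that matches it, sketched as an added example that is not the thesis's code. The abstract does not give the definition of the regular generating expression, so the supported syntax, the `RegexGen` class, `MAX_REPEAT`, the printable-ASCII alphabet and the sample pattern are all assumptions.

```python
import random
import re

MAX_REPEAT = 4                                # assumed cap for unbounded * and +
ALPHABET = "".join(map(chr, range(32, 127)))  # assumed alphabet: printable ASCII
SAMPLE = r"(GET|POST) /[a-z0-9]{1,8}(\.(html|php))? HTTP/1\.[01]"  # constructed

class RegexGen:  # subset: literals, \-escapes, [...], (...), |, ? * + {m} {m,n}
    def __init__(self, pattern, seed=None):
        self.p, self.i, self.rng = pattern, 0, random.Random(seed)
        self.emit = self.alt()                # parse once; every emit() yields one string
    def peek(self):
        return self.p[self.i:self.i + 1]      # "" at end of pattern
    def alt(self):                            # seq ('|' seq)*: pick one branch per emit
        branches = [self.seq()]
        while self.peek() == "|":
            self.i += 1
            branches.append(self.seq())
        return lambda: self.rng.choice(branches)()
    def seq(self):                            # run of quantified atoms, concatenated
        parts = []
        while self.peek() not in ("", "|", ")"):
            parts.append(self.quant(self.atom()))
        return lambda: "".join(f() for f in parts)
    def atom(self):
        ch, self.i = self.p[self.i], self.i + 1
        if ch == "(":
            inner = self.alt()
            self.i += 1                       # skip ')'
            return inner
        if ch == "[":                         # let re expand the class over ALPHABET
            body = self.p[self.i:self.p.index("]", self.i)]
            self.i += len(body) + 1
            chars = re.findall("[%s]" % body, ALPHABET)
            return lambda: self.rng.choice(chars)
        if ch == "\\":                        # escaped metacharacter, taken literally
            ch, self.i = self.p[self.i], self.i + 1
        return lambda: ch
    def quant(self, f):                       # wrap atom f in a random repeat count
        q = self.peek()
        if q not in ("{", "?", "*", "+"):
            return f
        lo, hi = int(q == "+"), (1 if q == "?" else MAX_REPEAT)
        if q == "{":                          # {m} or {m,n}
            end = self.p.index("}", self.i)
            lo, _, hi = self.p[self.i + 1:end].partition(",")
            lo, hi, self.i = int(lo), int(hi or lo), end
        self.i += 1
        return lambda: "".join(f() for _ in range(self.rng.randint(lo, hi)))
```

Calling `RegexGen(SAMPLE, seed=1).emit()` repeatedly yields varied strings, and each one can be checked against the same pattern with `re.fullmatch`.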
Keywords/Search Tags: fuzzing, vulnerability, regular expression, frame