Update README.md

Omar Santos 2022-07-14 13:35:17 -04:00 committed by GitHub
parent 01c1c2d806
commit 9442ecd9b2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -35,4 +35,4 @@ Mutation-based fuzzers use samples of valid input that are mutated randomly to p
Generation-based fuzzers actually generate input from scratch rather than mutating existing input. They usually require some level of intelligence to construct input that makes at least some sense to the program, although generating completely random data would also technically be generation. Generation fuzzers often split a protocol or file format into chunks, which they can build up in a valid order, and randomly fuzz some of those chunks independently. This can create inputs that preserve their overall structure, but contain inconsistent data within it. The granularity of these chunks and the intelligence with which theyre constructed define the level of intelligence of the fuzzer. While mutation-based fuzzing can have a similar effect as generation fuzzing (as, over time, mutations will be randomly applied without completely breaking the inputs structure), generating inputs ensures this will be so. Generation fuzzing can also get deeper into a protocol more easily, as it can construct valid sequences of inputs applying fuzzing to specific parts of that communication. It also allows the fuzzer to act as a true client/server, generating correct, dynamic responses where these cant be blindly replayed. Generation-based fuzzers actually generate input from scratch rather than mutating existing input. They usually require some level of intelligence to construct input that makes at least some sense to the program, although generating completely random data would also technically be generation. Generation fuzzers often split a protocol or file format into chunks, which they can build up in a valid order, and randomly fuzz some of those chunks independently. This can create inputs that preserve their overall structure, but contain inconsistent data within it. The granularity of these chunks and the intelligence with which theyre constructed define the level of intelligence of the fuzzer. 
While mutation-based fuzzing can have a similar effect as generation fuzzing (as, over time, mutations will be randomly applied without completely breaking the inputs structure), generating inputs ensures this will be so. Generation fuzzing can also get deeper into a protocol more easily, as it can construct valid sequences of inputs applying fuzzing to specific parts of that communication. It also allows the fuzzer to act as a true client/server, generating correct, dynamic responses where these cant be blindly replayed.
### Evolutionary ### Evolutionary
Evolutionary fuzzings an advanced technique, which well briefly describe. It allows the fuzzer to use feedback from each test case to learn the format of the input over time. Evolutionary fuzzings an advanced technique. It allows the fuzzer to use feedback from each test case to learn the format of the input over time.
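Review bot: In the Generation-based paragraph, the added first line ends with a trailing space after "the level of intelligence of the fuzzer." and the continuation "While mutation-based fuzzing can have a similar effect..." is shown starting on the line directly below it. If the goal is a separate paragraph, put a blank line between the two and drop the trailing space, because a single newline in Markdown still renders as one paragraph. The added lines also carry "theyre", "the inputs structure", "cant" and "Evolutionary fuzzings" without apostrophes as shown here; since these lines are being rewritten anyway, restore them ("they're", "input's", "can't", "fuzzing's" or "fuzzing is") in the same change. The subject "Update README.md" does not say what changed; naming the paragraph split and the removal of "which well briefly describe" from the Evolutionary intro would make the history easier to search.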