Posted on by Toolsin
Version 2.0 of the CERT Basic Fuzzing Framework (BFF) made its debut on Valentine's Day at the 2011 CERT Vendor Meeting in San Francisco. This new edition has a lot of cool features that we'll be describing in more detail in future posts, but we wanted to let you know that it's available so that you can download and try it.
Since we released BFF 1.1 in September last year, we've made a number of improvements to our Linux-based fuzzing environment. We are releasing the updates as BFF 2.0. Our main goal is to make it simpler for the creators of software to get started fuzzing. Along the way, we're trying to discover and refine techniques to increase the efficiency of finding vulnerabilities through fuzzing.
Here's a summary of what we've done:
We'll be posting more about these and possibly other features of BFF 2.0 in the future, but we wanted to share the news so you can start your own fuzzing campaigns. To get started, simply follow these steps:
DebianFuzz.zipto a directory of your choice
You may need to verify that the shared folder (
c:\fuzz -> /mnt/hgfs/fuzz) is enabled in the VM preferences. Other virtualization products may work with some additional configuration. See the README file in
scripts.zip for more details.
Note: For those of you who received a copy of BFF 2.0 at our vendor meeting last week, we've made a few bug fixes to the code in
scripts.zip, so you might want to download a fresh copy.