Thread: Configuring and Using SPIKE

  1. #1

    Configuring and Using SPIKE

    So I started a project to fuzz applications. I am using Spike for beginners, but unfortunately there is not much documentation on SPIKE out there. Can anyone provide any good documentation on how to configure and use Spike? Much appreciated!

  2. #2
    Join Date
    2013-Apr
    Location
    Kali forums
    Posts
    805
    One of the best spike resources I've seen was a series of tutorials by Stephen Bradshaw at http://resources.infosecinstitute.com/author/lupin/ I'd go through these from the bottom-up.

    There's a talk at SkyDogCon (October 24) on fuzzing basics that will cover spike... Full disclosure, I'm the speaker.

  3. #3
    Join Date
    2015-Dec
    Posts
    2
    Hello, I'm currently working on fuzzing an old, buggy program and through some research I discovered a buffer overflow vuln on an argument of a particular command. What I cannot figure out is how to configure spike to send a fuzz string to the second argument only (send a static, fixed length variable for the first argument, then send fuzz data to the second argument). The arguments are separated by a space; is there a way to set a constant for the first argument, append a space and fuzz everything after the constant & space? I believe the option may be available by using "s_string_variables" and SKIPVAR, or possibly some proper spike scripting on my part, but I've never reconfigured Spike this way. Any help is greatly appreciated!
    Last edited by padawan; 2016-02-27 at 23:48.

  4. #4
    Join Date
    2013-Apr
    Location
    Kali forums
    Posts
    805
    Also, you may want to check out my github page at https://github.com/griddd/SDC2015

    The .spk files are for spike.

  5. #5
    Join Date
    2013-Apr
    Location
    Kali forums
    Posts
    805
    s_string sends a constant, while s_string_variable sends a constant on the first run, then fuzzed data on subsequent runs. You could break up your command like so...

    s_string("PUT ");
    s_string("constant ");
    s_string_variable("fuzzed_data");


    When combined by spike, the first result will look like this (note the spaces after the PUT and constant):
    PUT constant fuzzed_data

    The next run will look like this (again note the spaces after the PUT and constant):
    PUT constant [fuzz string inserted by spike]

    Hope this helps
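
A simplified Python model of the template behaviour described in post #5, added here as an illustration; it is not part of the thread and not SPIKE's own code. It assumes SPIKE fuzzes one variable at a time while the others keep their defaults; `FUZZ_STRINGS`, `render`, `runs` and `prefix_is_fixed` are hypothetical names, and the fuzz list is constructed.

```python
# Model of how a SPIKE template expands into requests (assumption: one
# variable is fuzzed per run, every other field keeps its default value).
FUZZ_STRINGS = ["A" * 64, "A" * 1024, "%s" * 8]  # constructed stand-ins

def s_string(text):
    """Constant field: sent unchanged on every run."""
    return ("const", text)

def s_string_variable(default):
    """Variable field: default on the first run, fuzz data afterwards."""
    return ("var", default)

def render(template, fuzz_index=None, fuzz_value=None):
    """Build one request; replace only the variable numbered fuzz_index."""
    out, var_no = [], -1
    for kind, text in template:
        if kind == "var":
            var_no += 1
            if var_no == fuzz_index:
                text = fuzz_value
        out.append(text)
    return "".join(out)

def runs(template):
    """Yield the default request, then each variable fuzzed in turn."""
    yield render(template)
    n_vars = sum(1 for kind, _ in template if kind == "var")
    for i in range(n_vars):
        for fuzz in FUZZ_STRINGS:
            yield render(template, i, fuzz)

def prefix_is_fixed(template, prefix):
    """True if every generated request keeps the expected constant prefix."""
    return all(r.startswith(prefix) for r in runs(template))

# Layout from post #5: first argument constant, second argument fuzzed.
TEMPLATE = [s_string("PUT "), s_string("constant "),
            s_string_variable("fuzzed_data")]

# Mistaken layout: first argument declared as a variable, so it is fuzzed too.
WRONG = [s_string("PUT "), s_string_variable("constant"), s_string(" "),
         s_string_variable("fuzzed_data")]

if __name__ == "__main__":
    for request in runs(TEMPLATE):
        print(repr(request[:40]), len(request))
    print(prefix_is_fixed(TEMPLATE, "PUT constant "),
          prefix_is_fixed(WRONG, "PUT constant "))
```

In the `WRONG` layout the first argument is replaced during its own fuzzing pass, which is why the constant has to be declared with `s_string` when only the second argument should change.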

  6. #6
    Join Date
    2015-Dec
    Posts
    2
    Thanks for the info!
    Last edited by padawan; 2016-02-27 at 23:46.
