File Fuzzing in beSTORM

 

Overview: beSTORM is a smart fuzzing platform with extensive coverage of more than 260 modules. Within the modules package, you will find a family of modules called file fuzzing. In this document, you will learn what file fuzzing is, what the ideal use case would be, and how beSTORM can help you perform black-box testing on your software or application by injecting slightly malformed files.
 

beSTORM currently covers the following 26 file modules:

ANI
AVI H264-AC3 and AVI XVID
BMP
DOC
GIF
HTML
HWP
ICO
JASC-PAL
JPEG
MKV
MP3 and MP4
MPEG 4
PAL
PCAP
PDF
PNG
PPT
TGA
TIFF
UPX
WAV (PCM)
WMV
XLS

 
Why file fuzzing: As cybersecurity professionals, we are all aware of ransomware attacks started by a dropper hidden within PDF code, of vulnerabilities such as arbitrary code execution on Apple devices, and of CVEs published for issues in commonly used files that open a backdoor for remote code execution, login bypass or a buffer overflow. Vendors normally tend to those vulnerabilities by releasing updates, for example Microsoft patches or Adobe security updates, but developers should still check their own software's integrity and its ability to digest certain files.

For example, if I have built a DLP that processes thousands of XLS files daily, I should check my DLP's integrity and its ability to withstand an exhaustive test. I should verify that my DLP would not crash when scanning malformed XLS files prepared by an attacker.

Another use case would be a company that builds a storage application, or a company that handles audio files, but the need is not limited to these.

In fact, any application or device that processes user input in the form of files should be tested for its ability to do so.

 
Now that we have covered the need and the available options for fuzzing with beSTORM, we will cover how to set up beSTORM for file fuzzing and what beSTORM is doing.

 

 

  1. Start the beSTORM client and click on New Project.
  2. Give your project a name and click Next.
  3. Choose the type of files you want to test and save the output to a new folder. In this case we tested JPEG and saved the output to a new folder on our desktop. Click Next.
  4. In the new menu you can configure the scale type; we recommend leaving it at the default.
  5. In the next menu you will see the environment variables. You can decide to split the files into more directories; remember that more directories mean more potential for flaws in the DUT, but also a longer file-generation process.
  6. In the next menu we recommend unchecking auto-start in order to learn the module browser and decision tree.
  7. On the right side, click the JPEG line in the module browser. As you open the fields, you will see how the module has been constructed, what is actually being fuzzed in the JPEG files that we will send to the DUT, and how many permutations are being used.
  8. Click Start to begin the file-generation process.
  9. As you can see, beSTORM has started to generate subfolders within our JPEG fuzzing folder.
  10. Each subfolder contains a large number of malformed JPEG files that will later be used by our script.
  11. Once beSTORM is done, prepare the script and start beSTORM Monitor or your own debugger, attaching it to the application or service while the script is running.
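
The script that steps 10 and 11 refer to can be a small replay harness that walks the generated subfolders, hands each file to the DUT, and records crashes and hangs. The following is an added example, not code from beSTORM or from the original page; the `{file}` placeholder, the function names, the stand-in target and the sample corpus are assumptions constructed for the illustration.

```python
import subprocess
import sys
import tempfile
from pathlib import Path

def run_case(target_cmd, case, timeout=10):
    """Feed one generated file to the DUT and classify the outcome."""
    cmd = [str(case) if arg == "{file}" else arg for arg in target_cmd]
    try:
        proc = subprocess.run(cmd, stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL, timeout=timeout)
    except subprocess.TimeoutExpired:
        return "hang"  # DUT never finished; subprocess.run has already killed it
    rc = proc.returncode
    # POSIX: a negative code means the process died on a signal (SIGSEGV, SIGABRT).
    # Windows: an unhandled exception exits with an NTSTATUS error like 0xC0000005.
    if rc < 0 or rc >= 0xC0000000:
        return "crash"
    return "ok"  # clean exit, or the DUT rejected the file gracefully

def replay(corpus_root, target_cmd, timeout=10):
    """Walk every subfolder of the generated corpus and return (file, verdict) pairs."""
    findings = []
    for case in sorted(Path(corpus_root).rglob("*")):
        if case.is_file():
            verdict = run_case(target_cmd, case, timeout)
            if verdict != "ok":
                findings.append((case.relative_to(corpus_root).as_posix(), verdict))
    return findings

# Constructed stand-in DUT: aborts on one header, hangs on another, else exits 1.
FAKE_DUT = [sys.executable, "-c",
            "import os, sys, time; data = open(sys.argv[1], 'rb').read()\n"
            "if data.startswith(b'\\xff\\xd8BAD'): os.abort()\n"
            "if data.startswith(b'\\xff\\xd8SLOW'): time.sleep(60)\n"
            "sys.exit(1)\n", "{file}"]

def demo():
    """Replay a tiny constructed corpus laid out in subfolders like the generated one."""
    cases = [("0", "a.jpg", b"\xff\xd8\xff\xe0"), ("0", "b.jpg", b"\xff\xd8BAD"),
             ("1", "c.jpg", b"\xff\xd8SLOW")]
    with tempfile.TemporaryDirectory() as root:
        for sub, name, body in cases:
            Path(root, sub).mkdir(exist_ok=True)
            Path(root, sub, name).write_bytes(body)
        return replay(root, FAKE_DUT, timeout=2)

if __name__ == "__main__":
    print(demo())
```

To use it on a real run, pass the folder beSTORM filled as `corpus_root` and your application's own command line as `target_cmd`; every file reported as a crash or hang is a reproducer to reopen under the debugger.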