Overview

beSTORM is a smart fuzzing platform with extensive coverage of more than 260 modules. Within the modules package, you can find a family of file fuzzing modules. In this guide, you will learn what file fuzzing is and how beSTORM can help you perform black box testing on your software or application by injecting slightly malformed files.


beSTORM includes the following file modules:


ANI                        HWP         MPEG 4   TGA
AVI H2646-AC3 / AVI XVID   ICO         PAL      TIFF
BMP                        JASC-PAL    PCAP     UPX
DOC                        JPEG        PDF      WAV (PCM)
GIF                        MKV         PNG      WMV
HTML                       MP3 / MP4   PPT      XLS


Why file fuzzing? 

As cybersecurity professionals, we are all aware of ransomware attacks started by a dropper hidden within PDF code, vulnerabilities such as arbitrary code execution on Apple devices, and CVEs published for issues in commonly used files that open a backdoor for remote code execution, login bypass, or a buffer overflow. While vendors normally tend to those vulnerabilities by releasing updates (for example, Microsoft patches or Adobe security updates), developers should still check their software's integrity and its ability to digest certain files.


For example, a data loss prevention (DLP) process that handles thousands of XLS files daily should be checked as often for its integrity and its ability to withstand an exhaustive test. Verify that the DLP will not crash when scanning malformed XLS files prepared by an attacker.


Other examples are a company that builds a storage application or a company that handles audio files. In fact, any application or device that processes user input in the form of files should be tested for its ability to do so.

 

Setup 

To configure beSTORM to fuzz files, do the following:

  1. Open beSTORM Client.
  2. Select New Project to open the beSTORM New Project Wizard.
  3. On the Welcome page, enter a name for the project in the Project Name box.
  4. For Please select the wizard level, select Advanced.
  5. Select Next.
  6. On the Basic Configuration page, select a file module from beSTORM's predefined modules list. This example will use JPEG.
  7. For Output Directory, select Browse to choose the folder that contains the files you want to fuzz with, in the corresponding file format.
  8. Select Next.
  9. On the Advanced Configuration page, leave the parameters at their default settings.
  10. Select Next.
  11. On the Module Environment page, you can choose to split the file(s) into more directories, if needed.
    Note: Adding more directories increases the potential to reveal flaws in the device under test (DUT) but lengthens the file generation process as well.
  12. Select Next.
  13. On the Extra Configuration page, leave the parameters at their default settings.
  14. Select Next.
  15. On the Complete beSTORM wizard page, clear the Auto-start beSTORM scan now checkbox.
  16. Select Finish to open the beSTORM Client.
  17. Under Module Browser, select the down arrows to show how the module is constructed, what will be fuzzed in the JPEG files (which are sent to the DUT), and how many permutations will be used.
  18. Select Start to start the file generation process. As beSTORM is working, each subfolder will fill with a large number of malformed JPEG files that will later be used by our script.
  19. Once beSTORM is fuzzing, prepare the script and then start beSTORM Monitor, or run your own debugger to attach it to the application or service while the script is running.
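
The script in steps 18 and 19 is not shown in this guide. The following is an added example, not beSTORM's own code: a harness that walks the generated subfolders, feeds each malformed file to the application under test, and flags crashes and hangs. It goes beyond the steps above by classifying exit statuses itself, so it can complement beSTORM Monitor or an attached debugger. The function names, the `{file}` placeholder and the timeout value are assumptions.

```python
import os
import subprocess
import sys

def classify(returncode):
    """Return 'crash' for abnormal termination, None for a clean exit or graceful rejection."""
    if returncode < 0:              # POSIX: process was killed by signal -returncode
        return "crash"
    if returncode >= 0xC0000000:    # Windows: NTSTATUS error codes such as 0xC0000005
        return "crash"
    return None

def run_corpus(corpus_dir, target_cmd, timeout=10.0):
    """Run target_cmd once per file under corpus_dir; return (path, kind, detail) findings.

    target_cmd is an argument list in which the item "{file}" (assumed placeholder)
    is replaced by the path of the malformed file being tested.
    """
    findings = []
    for root, _dirs, files in sorted(os.walk(corpus_dir)):
        for name in sorted(files):
            path = os.path.join(root, name)
            cmd = [path if arg == "{file}" else arg for arg in target_cmd]
            try:
                proc = subprocess.run(
                    cmd, stdin=subprocess.DEVNULL, stdout=subprocess.DEVNULL,
                    stderr=subprocess.DEVNULL, timeout=timeout)
            except subprocess.TimeoutExpired:
                # subprocess.run kills the child before raising, so nothing is left behind
                findings.append((path, "hang", f"no exit within {timeout}s"))
                continue
            kind = classify(proc.returncode)
            if kind:
                findings.append((path, kind, f"exit status {proc.returncode}"))
    return findings

if __name__ == "__main__":
    # Usage: python harness.py <generated-files-dir> <target> [args...] {file}
    for path, kind, detail in run_corpus(sys.argv[1], sys.argv[2:]):
        print(f"{kind.upper()}\t{path}\t{detail}")
```

Keep every file that produces a finding, since it is the reproducer you will need when debugging the application.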