FuzzingLabs Academy/Introduction to Python Fuzzing

  • Free

Introduction to Python Fuzzing

Discover how to fuzz Python code using pythonfuzz and Google Atheris fuzzers.
 📦 Source code, 📝 Cheatsheets & 🎞️ Videos

What you'll learn

This FREE course is an introduction to Python code fuzzing.

More videos will come in the future. If you want to make any proposal, please contact me using the website chatbox or by mail at fuzzinglabs@gmail.com.

1. Fuzzing Python code using pythonfuzz

In this first course, I will select a popular Python package (pyasn1) and find some interesting methods to fuzz. Then, I’ll explains how to create a pythonfuzz fuzzing target and how to customize it. Finally, I’ll show how to run the fuzzer and explain some particularity of pythonfuzz.

2. Fuzzing Python code using Atheris

In this second course, I will fuzz the famous beautifulsoup4 library in order to find uncaught Python exception. I will explain how to create a fuzzing harness using the Atheris fuzzer. Then, I will run it and show you how to replay when you trigger a crash.

3. Differential Fuzzing to find logic bugs

In this course, we will target 2 different Python email validation  packages. We will develop a simple differential fuzzer to find any implementation/behavior differences. This technique will help us to find logic bugs easily by detecting incorrectness in target's results.

4. How I found 2 BUGS in the "TOP 3 Most Downloaded" PyPI package with Google's Atheris

In this video, I will show you how I found at least 2 BUGS inside idna, the TOP 3 Monthly Most downloaded PyPI package. I will show you how to develop some compatible fuzzers for Google's Atheris fuzzer and how to run them. Finally, I will explain how to improve your fuzzing process and how to debug when python unhandled exceptions crashes are triggered.

What's included?

Fuzzing Python code with pythonfuzz

Video: Complete step-by-step tutorial
    Cheatsheet: All commands for the tutorial
    • 1.19 KB
    python_fuzzing_pythonfuzz.zip
    • 1.58 KB

    Fuzzing Python code with Atheris

    Video: Complete step-by-step tutorial
      Cheatsheet: All commands for the tutorial
      • 3.85 KB
      python_fuzzing_atheris.zip
      • 2.92 KB

      Differential Fuzzing to find Logic Bugs

      Video: Complete step-by-step tutorial
        Cheatsheet: All commands for the tutorial
        • 4.72 KB
        diff_fuzzing_python_email.zip
        • 141 KB

        How I found 2 BUGS in the "TOP 3 Most Downloaded" PyPI package with Google's Atheris Fuzzer

        Video: Complete step-by-step tutorial
          Cheatsheet : All the commands for the tutorial
          • 4.41 KB
          python_fuzzing_new_atheris_idna.zip
          • 186 KB

          Meet Your Instructor

          Hey! 👋 My name is Patrick and I'm the founder of FuzzingLabs, a research-oriented security company specializing in fuzzing, vulnerability research, and reverse engineering.

          Over time, we found hundreds of bugs and presented our work at various security conferences around the globe, including BlackHat USA, OffensiveCon, REcon, Devcon, EthCC, RingZer0, ToorCon, hack.lu, NorthSec, Microsoft DCC, etc.

          You can read more about me by clicking here.

          FREE Resources & Trainings

          Enter your email to receive special deals and a bundle of awesome resources. 100% free - 100% awesome. 👇

          You're signing up to receive emails from FuzzingLabs Academy