- Free
Introduction to Python Fuzzing
Discover how to fuzz Python code using pythonfuzz and Google Atheris fuzzers.
📦 Source code, 📝 Cheatsheets & 🎞️ Videos
📦 Source code, 📝 Cheatsheets & 🎞️ Videos
What you'll learn
This FREE course is an introduction to Python code fuzzing.
More videos will come in the future. If you want to make any proposal, please contact me using the website chatbox or by mail at fuzzinglabs@gmail.com.
More videos will come in the future. If you want to make any proposal, please contact me using the website chatbox or by mail at fuzzinglabs@gmail.com.
1. Fuzzing Python code using pythonfuzz
In this first course, I will select a popular Python package (pyasn1) and find some interesting methods to fuzz. Then, I’ll explains how to create a pythonfuzz fuzzing target and how to customize it. Finally, I’ll show how to run the fuzzer and explain some particularity of pythonfuzz.
2. Fuzzing Python code using Atheris
In this second course, I will fuzz the famous beautifulsoup4 library in order to find uncaught Python exception. I will explain how to create a fuzzing harness using the Atheris fuzzer. Then, I will run it and show you how to replay when you trigger a crash.
3. Differential Fuzzing to find logic bugs
In this course, we will target 2 different Python email validation packages. We will develop a simple differential fuzzer to find any implementation/behavior differences. This technique will help us to find logic bugs easily by detecting incorrectness in target's results.
4. How I found 2 BUGS in the "TOP 3 Most Downloaded" PyPI package with Google's Atheris
In this video, I will show you how I found at least 2 BUGS inside idna, the TOP 3 Monthly Most downloaded PyPI package. I will show you how to develop some compatible fuzzers for Google's Atheris fuzzer and how to run them. Finally, I will explain how to improve your fuzzing process and how to debug when python unhandled exceptions crashes are triggered.
What's included?
Fuzzing Python code with pythonfuzz
Video: Complete step-by-step tutorial
Cheatsheet: All commands for the tutorial
- 1.19 KB
python_fuzzing_pythonfuzz.zip
- 1.58 KB
Fuzzing Python code with Atheris
Video: Complete step-by-step tutorial
Cheatsheet: All commands for the tutorial
- 3.85 KB
python_fuzzing_atheris.zip
- 2.92 KB
Differential Fuzzing to find Logic Bugs
Video: Complete step-by-step tutorial
Cheatsheet: All commands for the tutorial
- 4.72 KB
diff_fuzzing_python_email.zip
- 141 KB
How I found 2 BUGS in the "TOP 3 Most Downloaded" PyPI package with Google's Atheris Fuzzer
Video: Complete step-by-step tutorial
Cheatsheet : All the commands for the tutorial
- 4.41 KB
python_fuzzing_new_atheris_idna.zip
- 186 KB
Meet Your Instructor
Hey! 👋 My name is Patrick and I'm the founder of FuzzingLabs, a research-oriented security company specializing in fuzzing, vulnerability research, and reverse engineering.
Over time, we found hundreds of bugs and presented our work at various security conferences around the globe, including BlackHat USA, OffensiveCon, REcon, Devcon, EthCC, RingZer0, ToorCon, hack.lu, NorthSec, Microsoft DCC, etc.
You can read more about me by clicking here.
Over time, we found hundreds of bugs and presented our work at various security conferences around the globe, including BlackHat USA, OffensiveCon, REcon, Devcon, EthCC, RingZer0, ToorCon, hack.lu, NorthSec, Microsoft DCC, etc.
You can read more about me by clicking here.
FREE Resources & Trainings
Enter your email to receive special deals and a bundle of awesome resources. 100% free - 100% awesome. 👇