Reproducing Bugs

The Bug List

While in a project, clicking the third tab, labeled Bugs, brings up a list of every bug found by any fuzz job run within this project. Clicking a specific bug opens the detailed bug view.

The Detailed Bug View

Note: you can also reach this page by clicking on any bug in the Fuzz Job view.

This detailed view shows the most recent inputs sent to your program before the bug was found, newest first. The left column shows the input generated by the fuzzer, and the right column shows any interesting response information. Use the Hex/Raw switch to get a hexdump of the fuzzer-generated inputs, which lets you inspect unprintable bytes that the raw view would hide or mangle.

If you wish to view more inputs than are displayed in the UI, click the Export Test Cases button to download a JSON file containing all the saved inputs prior to the bug's discovery. By default this is the prior 100 inputs, but this number may become configurable in the future.

Reproducing Bugs

You can reproduce bugs discovered by Fuzzbuzz using the Fuzzbuzz CLI. Make sure you've downloaded the most recent version of the Fuzzbuzz CLI by heading to the Downloads link at the top of the Fuzzbuzz dashboard.

For detailed information about all the protocol commands and flags available, append --help to a Fuzzbuzz CLI command, e.g. fuzzbuzz protocol --help or fuzzbuzz protocol reproduce --help.

Online Reproduction

To reproduce a bug discovered by Fuzzbuzz from a computer that has an authorized Fuzzbuzz CLI with access to the platform, first copy the bug's full URL. It will look something like this: http://your-fuzzbuzz-deployment.com/org/team/remote/myFuzzer1/bugs/1.

Then, ensure that your target is running and that you know the hostname or IP address and the port it is listening on.

Finally, run the following command:

fuzzbuzz protocol reproduce --target tcp://target_hostname:[target_port] --bug [bug URL] 

This command downloads all inputs saved prior to the bug's discovery and runs them against the specified target one by one, in the order the fuzzer originally sent them. After running all inputs, it reports whether the reproduction completed successfully or not.

Offline Reproduction

To reproduce a bug discovered by Fuzzbuzz without first authenticating the Fuzzbuzz CLI with the platform, download the bug's inputs via the Export Test Cases button on the detailed bug page.

Then, ensure that your target is running and that you know the hostname or IP address and the port it is listening on.

Finally, run the following command:

fuzzbuzz protocol reproduce --target tcp://target_hostname:[target_port] --json-file [location of test cases json]

This command reads all test cases from the downloaded JSON file and replays them exactly as the online method above does.

Reproducing Specific Ranges

If you wish to reproduce only a specific range of inputs, you can use the --start and --count flags to achieve this:

  • --start: this flag specifies the zero-based offset from the beginning of the list of test cases. --start 0 is the same as not specifying the flag, and --start 2 begins reproduction from the third message in the list of inputs

  • --count: this flag specifies the number of inputs to run

If the standard reproduce command would run 100 inputs against your target, the flag combination --start 3 --count 10 runs inputs 4 through 13 (ten inputs) out of the 100 available.

Note: you can also edit the JSON file to add and remove inputs from the list of values to test. Keep in mind that inputs are replayed in order, so for a stateful target, removing or reordering earlier inputs can change the state the later ones reach, and a bug that depended on that state may no longer reproduce.
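As an added example (not the Fuzzbuzz CLI's own code), the script below implements the replay loop described in the offline reproduction and range sections above: read an exported test-case file, apply the --start/--count selection, send each input to a TCP target on its own connection, and report whether the target survived. The page does not document the export format, so the JSON layout (a list of objects with a base64-encoded "input" field, oldest first), the crash rule (the target stops accepting connections), and the echo-style demo target are all assumptions constructed for this example.

```python
"""Replay exported fuzzer inputs against a TCP target and report whether it
survived.  Added example, not Fuzzbuzz code.  Assumed export format: a JSON
list of {"input": "<base64 bytes>"} objects, oldest input first."""
import base64
import json
import socket
import threading

# Constructed stand-in for an exported test-case file (not real Fuzzbuzz data).
RAW_INPUTS = [b"PING", b"GET /", b"\xff\xff\x00", b"AFTER"]
EXPORTED_JSON = json.dumps(
    [{"input": base64.b64encode(b).decode("ascii")} for b in RAW_INPUTS]
)


def load_test_cases(json_text):
    """Decode the (assumed) export format into a list of byte strings."""
    return [base64.b64decode(entry["input"]) for entry in json.loads(json_text)]


def select_range(cases, start=0, count=None):
    """--start/--count semantics: start is a zero-based offset, count caps how
    many inputs run.  Over 100 inputs, start=3, count=10 yields inputs 4..13
    (1-based), i.e. ten inputs, not 4..14."""
    if start < 0 or (count is not None and count < 0):
        raise ValueError("start and count must be non-negative")
    end = None if count is None else start + count
    return cases[start:end]


def send_one(host, port, payload, timeout=2.0):
    """Deliver one input on a fresh connection; return the reply (b"" if the
    target closes without answering).  OSError means the target is unreachable."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(payload)
        try:
            return s.recv(4096)
        except socket.timeout:
            return b""


def target_alive(host, port):
    """Liveness probe: can a new connection still be opened?"""
    try:
        socket.create_connection((host, port), timeout=2.0).close()
        return True
    except OSError:
        return False


def reproduce(host, port, cases, start=0, count=None):
    """Replay the selected inputs in order.  Returns (ok, killer_index,
    responses); killer_index is the zero-based position in the full list of the
    input after which the target stopped accepting connections (None if the
    target was never reachable)."""
    selected = select_range(cases, start, count)
    responses = []
    for i, payload in enumerate(selected, start=start):
        try:
            responses.append(send_one(host, port, payload))
        except OSError:
            # Unreachable for input i: never up (i == start) or killed by i-1.
            return False, (i - 1 if i > start else None), responses
    # The last input replayed may itself have been the crashing one.
    if selected and not target_alive(host, port):
        return False, start + len(selected) - 1, responses
    return True, None, responses


def start_demo_target(crash_on=b"\xff\xff"):
    """Constructed demo target: echoes each input; on seeing crash_on it closes
    its listener to mimic a crash.  Returns the ephemeral port it listens on."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listener closed: the "crash"
            with conn:
                try:
                    data = conn.recv(4096)
                    if crash_on in data:
                        srv.close()
                        return
                    conn.sendall(data)
                except OSError:
                    continue

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    demo_port = start_demo_target()
    ok, idx, replies = reproduce("127.0.0.1", demo_port, load_test_cases(EXPORTED_JSON))
    print("target survived" if ok else f"target died after input {idx}", replies)
```

Opening a fresh connection per input is a simplification; a real protocol target may need the whole sequence on one session, in which case the replay loop keeps a single socket and treats a reset or EOF mid-sequence as the crash signal instead of a refused connection.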
