Platform Overview
Fuzzing Terminology
Install the Fuzzbuzz CLI
Find your first C/C++ bug
Find your first Python bug
Find your first Rust bug
Find your first Go bug
Protocol Fuzzing
Seeding your fuzzer
Integrating with libFuzzer
Heartbleed in 5 Minutes
GitHub Integration
GitLab Integration
CLI Integration
fuzzbuzz.yaml reference
Fuzzer Reference
Bug Types
Self-Hosted Fuzzbuzz
Overview
Getting Started
Guides
Tutorials
Integrations
Reference
Reproducing Bugs
The Bug List
While in a project, clicking on the third tab, labeled Bugs will bring up a list of every bug that has been found by a fuzz job run within this project. Clicking a specific bug will bring you to the detailed bug view.
The Detailed Bug View
Note: you can also reach this page by clicking on any bug in the Fuzz Job view.
This detailed view allows you to view the most recent inputs into your program leading up to the bug, in reverse chronological order. The left column shows the input generated by the fuzzer, and the right column shows any interesting response information. You can use the Hex/Raw switch to get a hexdump of the inputs generated by the fuzzer, which will enable inspection of any unprintable characters.
If you wish to view more inputs than displayed on the UI, click the Export Test Cases button to download a full JSON file containing all the saved inputs prior to the bug's discovery. By default this is the prior 100 inputs, but this number may be configurable in the future.
Reproducing Bugs
You can reproduce bugs discovered by Fuzzbuzz using the Fuzzbuzz CLI. Make sure you've downloaded the most recent version of the Fuzzbuzz CLI by heading to the Downloads link at the top of the Fuzzbuzz dashboard.
For detailed information about all the protocol commands and flags available, place the word --help after a Fuzzbuzz CLI command. E.g. fuzzbuzz protocol --help or fuzzbuzz protocol reproduce --help.
Online Reproduction
To reproduce a bug discovered by Fuzzbuzz from a computer that has an authorized Fuzzbuzz CLI with access to the platform, first copy the bug's full URL. It will look something like this: http://your-fuzzbuzz-deployment.com/org/team/remote/myFuzzer1/bugs/1.
Then, ensure that your target is running, and you know the hostname/IP, and port that the target is listening on.
Finally, run the following command:
fuzzbuzz protocol reproduce --target tcp://target_hostname:[target_port] --bug [bug URL]
This command will download all inputs saved prior to the bug's discovery and run them against the specified target one by one. After running all inputs, it will report whether it exited successfully or not.
Offline Reproduction
To reproduce a bug discovered by Fuzzbuzz, without first authenticating the Fuzzbuzz CLI with the platform, first download the bug's inputs via the Export Test Cases button on the detailed bug page.
Then, ensure that your target is running, and you know the hostname/IP, and port that the target is listening on.
Finally, run the following command:
fuzzbuzz protocol reproduce --target tcp://target_hostname:[target_port] --json-file [location of test cases json]
This command will read all test cases from the downloaded JSON file, and reproduce them identically to the above online method.
Reproducing Specific Ranges
If you wish to reproduce only a specific range of inputs, you can use the --start and --count flags to achieve this:
--start: this flag specifies the offset from the beginning of the list of testcases.--start 0is the same as not specifying the start flag, and--start 2will start reproducing the bug from the third message in the list of inputs--count: this flag specifies the number of inputs to run
If the standard reproduce command would run 100 inputs against your target, the flag combination --start 3 --count 10 would run inputs 4 through 14 out of the 100 available inputs.
Note: you can also edit the JSON file to add and remove inputs from the list of values to test