Metafuzz - Building Boring Fuzzers Faster, Using Metadata [PPT]
So, let's be clear - talking about 'new' fuzzing techniques is silly. Fuzzing is one of those embarrassing things we all do in dark rooms when the occasion demands, but we don't talk about it with our mates. The Metafuzz framework is a protocol-metadata-based approach, which means that most of the time should be spent describing the protocol elements (packet headers, field types and such) and the protocol operation. Once all that is done, a simple fuzzer can be instantiated with one line.
More specifically, Metafuzz 0.3 features:
* A protocol definition library which can be used for binary or plaintext protocol elements and works pretty well as a generic parser.
* A library for the creation of 'simple yet effective' finite state automata that can be used to describe protocol mechanisms and automatically manage state transitions and stateful protocol elements like nonces, session ids, cookies, encryption keys and the like. It does not use Backus-Naur Form.
* Some funky output generator classes that can be intermixed and combined with output feedback mutators to create all sorts of cool output.
* An 'automatic test case generator' which works out what kind of output to send based on the protocol element being tested. Just like artificial intelligence... except not.
* It's written in Ruby. All the cool kids use Ruby.
So, basically, sit through the examples and the Ruby fanboyism, then you can get your hands on the code and start breaking stuff. Beer will be given away during this talk.
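As an added illustration of the metadata-driven approach the abstract describes (example code written for this page, not Metafuzz's own library; the `Field` struct, the toy protocol, and every method name below are invented), the block declares a small binary message as a list of typed elements, derives a packer, a generic parser and type-driven test values from that one declaration, and keeps the length and session-id fields consistent automatically while a different field is being fuzzed:

```ruby
require "stringio"

# Protocol element metadata: name, wire type, default value, and options.
#   opts[:covers]   -> names of the fields whose packed size this length field reports
#   opts[:stateful] -> value comes from protocol state (a session id), not from the default
Field = Struct.new(:name, :type, :default, :opts)

# Constructed toy protocol (not a real one): magic, version, big-endian length,
# session id, free-form payload.
TOY_PROTO = [
  Field.new(:magic,   :bytes,    "MF", {}),
  Field.new(:version, :uint8,    1,    {}),
  Field.new(:length,  :uint16be, 0,    { covers: [:session, :payload] }),
  Field.new(:session, :uint16be, 0,    { stateful: true }),
  Field.new(:payload, :string,   "hi", {}),
].freeze

# Pack one value according to its wire type.
def pack_value(type, value)
  case type
  when :uint8          then [value & 0xFF].pack("C")
  when :uint16be       then [value & 0xFFFF].pack("n")
  when :bytes, :string then value.to_s.b
  else raise ArgumentError, "unknown type #{type}"
  end
end

def read_exact(io, n, name)
  chunk = io.read(n)
  raise "truncated input at field #{name}" if chunk.nil? || chunk.bytesize < n
  chunk
end

# Generic parser driven by the same metadata; raises on truncated input
# instead of silently returning nil for the missing fields.
def parse(proto, bytes)
  io = StringIO.new(bytes.b)
  proto.each_with_object({}) do |f, out|
    out[f.name] =
      case f.type
      when :uint8    then read_exact(io, 1, f.name).unpack1("C")
      when :uint16be then read_exact(io, 2, f.name).unpack1("n")
      when :bytes    then read_exact(io, f.default.bytesize, f.name)
      when :string   then io.read.to_s   # trailing variable-length field
      end
  end
end

# "Automatic test case generator": candidates chosen from the field's type alone.
def candidates(field)
  case field.type
  when :uint8    then [0x00, 0x01, 0x7F, 0x80, 0xFF]
  when :uint16be then [0x0000, 0x0001, 0x7FFF, 0x8000, 0xFFFF]
  when :string   then ["", "A" * 1024, "%s%n%x", ("\x00".b * 8), ("../" * 16)]
  when :bytes    then [("\x00".b * field.default.bytesize), ("\xFF".b * field.default.bytesize)]
  end
end

# Protocol state a stateful field draws from. A real harness would take the
# session id from the peer's last response; here it just counts up.
class ProtoState
  def initialize(start = 0x1000)
    @session = start
  end

  def next_session
    @session += 1
  end
end

# Build one message. Fields named in overrides are taken verbatim (that is the
# field under test); stateful and length fields are otherwise filled in
# automatically, so a fuzzed payload still arrives with a correct length.
def build(proto, state, overrides = {})
  values = proto.each_with_object({}) { |f, h| h[f.name] = overrides.fetch(f.name, f.default) }
  proto.each do |f|
    next if overrides.key?(f.name)
    values[f.name] = state.next_session if f.opts[:stateful]
  end
  proto.each do |f|
    covers = f.opts[:covers]
    next if covers.nil? || overrides.key?(f.name)
    values[f.name] = covers.sum do |n|
      covered = proto.find { |g| g.name == n }
      pack_value(covered.type, values[n]).bytesize
    end
  end
  proto.map { |f| pack_value(f.type, values[f.name]) }.join
end

# Enumerate every test case for one field: the "one line" the abstract promises.
def fuzz_cases(proto, field_name, state)
  field = proto.find { |f| f.name == field_name } or raise ArgumentError, "no field #{field_name}"
  candidates(field).map { |v| build(proto, state, field_name => v) }
end

if __FILE__ == $PROGRAM_NAME
  st = ProtoState.new
  fuzz_cases(TOY_PROTO, :payload, st).each { |m| p parse(TOY_PROTO, m) }
end
```

Note the asymmetry that makes stateful handling worthwhile: when `:payload` is the target, `:length` is recomputed and `:session` advances for every case, so the messages exercise the payload handler rather than tripping a length check; when `:length` itself is the target, the override wins and the same boundary values are sent raw.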