begood Posted July 9, 2008

The DN_BOFinder (DotNet Buffer Overflow Finder) is a semi-intelligent tool designed to find Buffer Overflow type vulnerabilities in COM objects used by .NET Assemblies (and mistakes in unsafe .NET code blocks).

Features

Here are some of its features:

- Supports fuzzing of individual methods, *.dll files and entire directories
- Works by using Reflection to create 'live instances' of classes and then fuzzing each of the exposed methods
- There are currently 16 different payloads for basic types (int, uint, char) and strings
- Fully automated use of cdb to find issues (i.e. you can start the fuzzer and go for lunch)
- Use of a 'FuzzedMethods' list for each fuzzed dll to avoid re-fuzzing the same methods
- Storage of exception information in an 'ExceptionData' file (per dll)
- Use of an 'ExcludeList' to list the classes/methods that should be further analyzed
- Auto-detection of methods that consume large amounts of memory (currently set to 20M) and auto-detection of methods that 'hang' (some callbacks or windows pop-ups have this behaviour). The methods identified are automatically added to the 'ExcludeList'
- The results are currently quite conservative (i.e. only the really bad exceptions are shown). This means that there might be several exploitable vulnerabilities that are currently reported as 'Normal CLR exception'
- A big blind spot at the moment is that the current version does not fuzz certain static methods (which can be invoked without need of a constructor (i.e. a live instance))
- When it finds an interface it tries to find who implements that interface and tries to create an instance of them (supports caching of objects for performance reasons). The problem here is that the class created is not documented, and ideally we should be fuzzing each of those implementations (especially in the cases where that Interface is used as a parameter)
- When in auto mode, it auto-restarts the fuzzing session after a predefined number of seconds (this also helps in long fuzzing sessions since the process is refreshed regularly, which of course might also introduce some blind spots)

Source: https://www.owasp.org/index.php/DN_BOFinder
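To make the mechanism the post describes concrete (Reflection-created live instances, boundary payloads per basic parameter type, an ExcludeList, and hang/memory detection), here is a small added harness written for this thread. It is not DN_BOFinder's own code and does not drive cdb; it assumes the assembly path is given as the first command-line argument, that a sidecar `<assembly>.ExcludeList.txt` file is used as the exclude list (a name chosen for this example), and it only fuzzes methods whose parameters are all of the four basic types shown. The payload table and the 5-second hang budget are constructed values for the example.

```csharp
// Added example: minimal reflection-driven method fuzzer for a .NET assembly.
// Not DN_BOFinder's code. Assumes: args[0] = path to the assembly under test.
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Threading.Tasks;

class ReflectionFuzzer
{
    // Boundary payloads per parameter type (constructed for this example; the
    // original tool ships 16 payloads across int/uint/char/string).
    static readonly Dictionary<Type, object[]> Payloads = new Dictionary<Type, object[]>
    {
        { typeof(int),    new object[] { 0, -1, int.MinValue, int.MaxValue } },
        { typeof(uint),   new object[] { 0u, uint.MaxValue } },
        { typeof(char),   new object[] { '\0', 'A', '\uffff' } },
        { typeof(string), new object[] { null, "", new string('A', 4096), new string('A', 1 << 20) } },
    };

    const long MemoryLimitBytes = 20L * 1024 * 1024;          // "20M" threshold from the post
    static readonly TimeSpan HangBudget = TimeSpan.FromSeconds(5); // assumption for this example

    static void Main(string[] args)
    {
        string path = args[0];
        string excludeFile = Path.ChangeExtension(path, ".ExcludeList.txt"); // hypothetical sidecar name
        var exclude = new HashSet<string>(File.Exists(excludeFile)
            ? File.ReadAllLines(excludeFile) : Array.Empty<string>());

        Assembly asm = Assembly.LoadFrom(path);
        foreach (Type type in asm.GetExportedTypes().Where(t => t.IsClass && !t.IsAbstract))
        {
            object instance = TryCreate(type);   // "live instance" via Reflection
            if (instance == null) continue;      // no parameterless ctor: skipped in this example

            foreach (MethodInfo m in type.GetMethods(BindingFlags.Public | BindingFlags.Instance | BindingFlags.DeclaredOnly))
            {
                string id = type.FullName + "." + m.Name;
                if (exclude.Contains(id)) continue;
                ParameterInfo[] ps = m.GetParameters();
                if (ps.Any(p => !Payloads.ContainsKey(p.ParameterType))) continue; // only basic types fuzzed
                foreach (object[] argv in Combinations(ps.Select(p => Payloads[p.ParameterType]).ToArray()))
                    if (!Invoke(instance, m, argv, id)) { exclude.Add(id); File.AppendAllText(excludeFile, id + Environment.NewLine); break; }
            }
        }
    }

    static object TryCreate(Type t)
    {
        try { return Activator.CreateInstance(t); } catch { return null; }
    }

    // Cartesian product of the per-parameter payload sets.
    static IEnumerable<object[]> Combinations(object[][] sets)
    {
        IEnumerable<object[]> acc = new[] { Array.Empty<object>() };
        foreach (object[] set in sets)
            acc = acc.SelectMany(prefix => set.Select(v => prefix.Concat(new[] { v }).ToArray()));
        return acc;
    }

    // Returns false when the method hung or blew the memory budget, i.e. it should be excluded.
    static bool Invoke(object instance, MethodInfo m, object[] argv, string id)
    {
        long before = GC.GetTotalMemory(true);
        Task task = Task.Run(() => m.Invoke(instance, argv));
        try
        {
            if (!task.Wait(HangBudget))
            {
                Console.WriteLine($"HANG    {id}({Describe(argv)}) -> added to ExcludeList");
                return false; // the real tool restarts the process; here we just stop fuzzing this method
            }
        }
        catch (AggregateException ae)
        {
            Exception ex = ae.InnerException is TargetInvocationException tie ? tie.InnerException : ae.InnerException;
            // Native-side faults surfacing through COM interop are the "really bad" class;
            // everything else is reported as a normal CLR exception, as the post describes.
            string severity = ex is AccessViolationException || ex is SEHException ? "BAD    " : "NORMAL ";
            Console.WriteLine($"{severity} {id}({Describe(argv)}): {ex.GetType().Name}");
            return true;
        }
        long used = GC.GetTotalMemory(false) - before;
        if (used > MemoryLimitBytes)
        {
            Console.WriteLine($"MEMORY  {id}({Describe(argv)}) used {used / (1024 * 1024)}M -> added to ExcludeList");
            return false;
        }
        return true;
    }

    static string Describe(object[] argv) =>
        string.Join(", ", argv.Select(a => a == null ? "null" : a is string s ? $"str[{s.Length}]" : a.ToString()));
}
```

Two design points worth noting against the post. First, an access violation inside a COM object normally terminates a .NET process rather than surfacing as a catchable `AccessViolationException`, which is exactly why the original tool runs the target under cdb instead of relying on managed exception handling; the `BAD` branch above only fires in the cases where the runtime does hand the fault back as an exception. Second, a hung invocation cannot be safely aborted in-process, so the harness records the method in the exclude list and moves on, mirroring the post's auto-restart behaviour only in effect, not in mechanism.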