I can't believe that I have to say this... But this is not an ad. I think it's just a super useful and not well known tool. It's open source, it's free, there are no commercial interest whatsoever. I'm excited about it and think it deserves to be shared, and at the same time I was able to showcase what basic fuzzing is.
The best fuzzer I have ever used is AFL. Very powerful and has tons of features, but to get started I think this radamsa is a good idea. AFL can get really complicated.
+LiveOverflow If you'll ever land/end up in Poland -> I want to have a beer with You. I'm watching your videos week to week (together with Gynvael's channels). Thank you for everything! Radamsa looks so interesting!
well you said one thing at the and: "if you have an xml parser this is really good test input.." . but what you actually want to say is: if you are writing an xml parser on your own, that is really good test input. if you use one of the main xml parsers, the program behind that parser will probably never crash, because radamsa just generates non-xml that will be ignored by the xml parser.
If you look on the github page of radamsa, which list CVEs that were found using radamsa as fuzzer, you find several XML vulnerabilities... For example CVE-2012-2870 was found with radamsa, it's a crash in an XML parser ;)
Hey, I will probably get ignored but whatever lol, I really want to start hacking but I don't know where to start there are so many videos about so many things I do not understand at all, I want to learn how to hack accounts, cameras, etc (NEVER do anything harmful, just something for fun)
![เปิด อาณาจักร หมื่นล้าน "สาระตั้ม" l [Nickynachat]](http://i.ytimg.com/vi/3XE0nPF4YkQ/mqdefault.jpg)
I can't believe that I have to say this... But this is not an ad. I think it's just a super useful and not well known tool. It's open source, it's free, there are no commercial interest whatsoever. I'm excited about it and think it deserves to be shared, and at the same time I was able to showcase what basic fuzzing is.
Wouldn't mind an ad like this. It's an ad for something that's actually interesting and useful, explaining and demonstrating it.
Advert Slaxxor Exactly.
Tool reviews like this are actually pretty helpful and cool, keep doing this kind of stuff please!
Always struggled getting good data for input test cases, so this will be really helpful! :)
The best fuzzer I have ever used is AFL. Very powerful and has tons of features, but to get started I think this radamsa is a good idea. AFL can get really complicated.
afl gets very complicated when dealing with sockets
For april fools you should change your pfp to shrek and rename your channel live ogreflow
Linux is like an onion: it has rings
I can see the potential, really smart program!
Perhaps I am weird, but I don't want to run a fuzzer multiple times like this.
No intro in this video...I like that!
Any way to fuzz a shared-lib via radamsa? Like, test all the function without needing to create a separate binary to test.
+LiveOverflow If you'll ever land/end up in Poland -> I want to have a beer with You. I'm watching your videos week to week (together with Gynvael's channels). Thank you for everything! Radamsa looks so interesting!
pipe radamsa into a serial port = fuzzing some embedded firmware. Compromises made for the limited resources can introduces bugs.
inb4 you end up with ice9.exe (person of interest reference)
How would you recommend recording and analysing relevant crashes with this?
Added to favorites so I could do this when I get more experience ;)
Maybe I'll revisit this video in a few years
Have you met John the Rippers cousin? radamsa the fuzzer? lolcat
how have i never heard of this amazing tool? :D
well you said one thing at the and: "if you have an xml parser this is really good test input.." . but what you actually want to say is: if you are writing an xml parser on your own, that is really good test input. if you use one of the main xml parsers, the program behind that parser will probably never crash, because radamsa just generates non-xml that will be ignored by the xml parser.
If you look on the github page of radamsa, which list CVEs that were found using radamsa as fuzzer, you find several XML vulnerabilities...
For example CVE-2012-2870 was found with radamsa, it's a crash in an XML parser ;)
could you please tell me what software do you use for your videos?
Does it work for Web service fuzzing or just software ?
sir how did you learn so much of things. Is you learn from your college or somewhere else sir please tell me.
lmao
Isn't clang libFuzzer better?
guided fuzzing like libFuzzer or AFL are very different from what this is
Its amazing
BuT hOw DoEs iT WeRk
1337 - (document.domain) ?
Where exactly in the video did you see that? I can't find it :/
:facepalm: I can't believe how many ppl think this is a paid ad or something.
Thanks, nice videnks, nice videnks, nice videnks, nice vide%do!
How is it better than AFL?
it's very different to AFL. Oranges and Apples.
AFL is a fuzzer
radamsa generates fuzzing test cases
basically radamsa generates input for use with AFL when fuzzing programs
Thanks for clarification!
Good shit
Hey, I will probably get ignored but whatever lol, I really want to start hacking but I don't know where to start there are so many videos about so many things I do not understand at all, I want to learn how to hack accounts, cameras, etc (NEVER do anything harmful, just something for fun)
Hi
Notification squad :D
got a notification 10 min too late :D
What is fucking? I don't get it