For the moment, this introduction to Python fuzzing contains 3 modules but more will come in the future. If you want to make any proposal, please contact me.
In this first course, I will select a popular Python package (pyasn1) and find some interesting methods to fuzz. Then, I’ll explains how to create a pythonfuzz fuzzing target and how to customize it. Finally, I’ll show how to run the fuzzer and explain some particularity of pythonfuzz.
In this second course, I will fuzz the famous beautifulsoup4 library in order to find uncaught Python exception. I will explain how to create a fuzzing harness using the Atheris fuzzer. Then, I will run it and show you how to replay when you trigger a crash.
In this course, we will target 2 different Python email validation packages. We will develop a simple differential fuzzer to find any implementation/behavior differences. This technique will help us to find logic bugs easily by detecting incorrectness in target’s results.
You will get access of the complete tutorials with source codes, cheatsheets and or complete videos tutorial right below or at this address.