The author selected the Electronic Frontier Foundation Inc to receive a donation as part of the Write for DOnations program.

作者选择Electronic Frontier Foundation Inc接受捐赠，作为Write for DOnations计划的一部分。

介绍 (Introduction)

Security threats are continually becoming more sophisticated, so developers and systems administrators need to take a proactive approach in defending and testing the security of their applications.

安全威胁不断变得越来越复杂，因此开发人员和系统管理员需要采取主动的方法来防御和测试其应用程序的安全性。

A common method for testing the security of client applications or network services is fuzzing, which involves repeatedly sending invalid or malformed data to the application and analyzing its response. This is useful to help test how resilient and robust the application is to unexpected input, which may include corrupted data or actual attacks.

测试客户端应用程序或网络服务的安全性的常用方法是模糊测试 ，它涉及向应用程序重复发送无效或格式错误的数据并分析其响应。 这对于帮助测试应用程序对意外输入(包括可能损坏的数据或实际攻击)的弹性和健壮性很有用。

Radamsa is an open-source fuzzing tool that can generate test cases based on user-specified input data. Radamsa is fully scriptable, and so far has been successful in finding vulnerabilities in real-world applications, such as Gzip.

Radamsa是一种开放源代码的模糊测试工具，可以根据用户指定的输入数据生成测试用例。 Radamsa具有完全可编写脚本的功能，到目前为止，它已经成功地发现了诸如Gzip之类的实际应用程序中的漏洞。

In this tutorial, you will install and use Radamsa to fuzz test command-line and network-based applications using your own test cases.

在本教程中，您将安装并使用Radamsa使用自己的测试用例对命令行和基于网络的应用程序进行模糊测试。

Warning: Radamsa is a penetration testing tool which may allow you to identify vulnerabilities or weaknesses in certain systems or applications. You must not use vulnerabilities found with Radamsa for any form of reckless behavior, harm, or malicious exploitation. Vulnerabilities should be ethically reported to the maintainer of the affected application, and not disclosed publicly without explicit permission.

警告： Radamsa是一种渗透测试工具，可以使您识别某些系统或应用程序中的漏洞或弱点。 您不得将Radamsa发现的漏洞用于任何形式的鲁ck行为，危害或恶意利用。 漏洞应从伦理上报告给受影响的应用程序的维护者，未经明确允许，不得公开披露。

先决条件 (Prerequisites)

Before you begin this guide you’ll need the following:

在开始本指南之前，您需要满足以下条件：

• One Ubuntu 18.04 server set up by following the Initial Server Setup with Ubuntu 18.04, including a sudo non-root user and enabled firewall to block non-essential ports.

  通过对Ubuntu 18.04进行初始服务器设置来设置一台Ubuntu 18.04服务器，包括sudo非root用户和已启用的防火墙以阻止非必需端口。

• A command-line or network-based application that you wish to test, for example Gzip, Tcpdump, Bind, Apache, jq, or any other application of your choice. As an example for the purposes of this tutorial, we’ll use jq.

  您要测试的命令行或基于网络的应用程序，例如Gzip，Tcpdump，Bind，Apache，jq或您选择的任何其他应用程序。 作为本教程的示例，我们将使用jq 。

Warning: Radamsa can cause applications or systems to run unstably or crash, so only run Radamsa in an environment where you are prepared for this, such as a dedicated server. Please also ensure that you have explicit written permission from the owner of a system before conducting fuzz testing against it.

警告： Radamsa可能导致应用程序或系统运行不稳定或崩溃，因此，仅在您为此做好准备的环境(例如专用服务器)中运行Radamsa。 在对系统进行模糊测试之前，还请确保您已获得系统所有者的明确书面许可。

Once you have these ready, log in to your server as your non-root user to begin.

准备就绪后，以非root用户身份登录到服务器以开始。

第1步-安装Radamsa (Step 1 — Installing Radamsa)

Firstly, you will download and compile Radamsa in order to begin using it on your system. The Radamsa source code is available in the official repository on GitLab.

首先，您将下载并编译Radamsa，以便开始在系统上使用它。 Radamsa源代码可在GitLab上的官方存储库中找到 。

Begin by updating the local package index to reflect any new upstream changes:

首先更新本地包索引以反映任何新的上游更改：

Then, install the gcc, git, make, and wget packages needed to compile the source code into an executable binary:

然后，安装将源代码编译成可执行二进制文件所需的gcc ， git ， make和wget软件包：

After confirming the installation, apt will download and install the specified packages and all of their required dependencies.

确认安装后， apt将下载并安装指定的软件包及其所有必需的依赖项。

Next, you’ll download a copy of the source code for Radamsa by cloning it from the repository hosted on GitLab:

接下来，您将通过从GitLab托管的存储库中克隆Radamsa的源代码来下载该副本：

This will create a directory called radamsa, containing the source code for the application. Move into the directory to begin compiling the code:

这将创建一个名为radamsa的目录，其中包含应用程序的源代码。 进入目录开始编译代码：

Next, you can start the compilation process using make:

接下来，您可以使用make开始编译过程：

Finally, you can install the compiled Radamsa binary to your $PATH:

最后，您可以将编译的Radamsa二进制文件安装到$PATH ：

Once this is complete, you can check the installed version to make sure that everything is working:

完成此操作后，您可以检查已安装的版本以确保一切正常：

Your output will look similar to the following:

您的输出将类似于以下内容：

   

    Output
   
Radamsa 0.6

If you see a radamsa: command not found error, double-check that all required dependencies were installed and that there were no errors during compilation.

如果看到radamsa: command not found错误，请仔细检查是否已安装所有必需的依赖项，并且在编译过程中没有错误。

Now that you’ve installed Radamsa, you can begin to generate some sample test cases to understand how Radamsa works and what it can be used for.

现在，您已经安装了Radamsa，可以开始生成一些示例测试用例，以了解Radamsa的工作方式以及其用途。

第2步-生成模糊测试用例 (Step 2 — Generating Fuzzing Test Cases)

Now that Radamsa has been installed, you can use it to generate some fuzzing test cases.

现在已经安装了Radamsa，您可以使用它来生成一些模糊测试用例。

A test case is a piece of data that will be used as input to the program that you are testing. For example, if you are fuzz testing an archiving program such as Gzip, a test case may be a file archive that you are attempting to decompress.

测试用例是一条数据，将用作要测试的程序的输入。 例如，如果要对诸如Gzip之类的归档程序进行模糊测试，则测试用例可能是您尝试解压缩的文件存档。

Note: Radamsa will manipulate input data in a wide variety of unexpected ways, including extreme repetition, bit flips, control character injection, and so on. This may cause your terminal session to break or become unstable, so be aware of this before proceeding.

注意： Radamsa将以多种意外方式处理输入数据，包括极端重复， 位翻转 ，控制字符注入等。 这可能会导致您的终端会话中断或变得不稳定，因此在继续操作之前请注意这一点。

Firstly, pass a simple piece of text to Radamsa to see what happens:

首先，将一段简单的文本传递给Radamsa看看会发生什么：

This will manipulate (or fuzz) the inputted data and output a test case, for example:

这将操纵(或模糊测试)输入的数据并输出测试用例，例如：

   

    Output
   
Hello,, world!

In this case, Radamsa added an extra comma between Hello and world. This may not seem like a significant change, but in some applications this may cause the data to be interpreted incorrectly.

在这种情况下，Radamsa在Hello和world之间添加了一个逗号。 这看起来似乎不是一个重大变化，但是在某些应用程序中，这可能会导致数据解释不正确。

Let’s try again by running the same command. You’ll see different output:

让我们通过运行相同的命令再试一次。 您会看到不同的输出：

   

    Output
   
Hello, '''''''wor'd!

This time, multiple single quotes (') were inserted into the string, including one that overwrote the l in world. This particular test case is more likely to result in problems for an application, as single/double quotes are often used to separate different pieces of data in a list.

这次，在字符串中插入了多个单引号( ' )，其中包括一个覆盖了world的l引号。 这种特殊的测试用例更有可能导致应用程序出现问题，因为单引号/双引号经常用于分隔列表中的不同数据。

Let’s try one more time:

让我们再尝试一次：

   

    Output
   
Hello, $+$PATH\u0000`xcalc`world!

In this case, Radamsa inserted a shell injection string, which will be useful to test for command injection vulnerabilities in the application that you are testing.

在这种情况下，Radamsa插入了一个外壳注入字符串，这对于在您正在测试的应用程序中测试命令注入漏洞很有用。

You’ve used Radamsa to fuzz an input string and produce a series of test cases. Next, you will use Radamsa to fuzz a command-line application.

您已经使用Radamsa来模糊输入字符串并生成一系列测试用例。 接下来，您将使用Radamsa来模糊命令行应用程序。

第3步-模糊命令行应用程序 (Step 3 — Fuzzing a Command-line Application)

In this step, you’ll use Radamsa to fuzz a command-line application and report on any crashes that occur.

在此步骤中，您将使用Radamsa对命令行应用程序进行模糊处理并报告发生的任何崩溃。

The exact technique for fuzzing each program varies massively, and different methods will be most effective for different programs. However, in this tutorial we will use the example of jq, which is a command-line program for processing JSON data.

使每个程序模糊的确切技术千差万别，不同的方法对于不同的程序将是最有效的。 但是，在本教程中，我们将使用jq的示例，它是用于处理JSON数据的命令行程序。

You may use any other similar program as long as it follows the general principle of taking some form of structured or unstructured data, doing something with it, and then outputting a result. For instance this example would also work with Gzip, Grep, bc, tr, and so on.

您可以使用任何其他类似程序，只要它遵循以下一般原则：采取某种形式的结构化或非结构化数据，对其进行处理，然后输出结果。 例如，此示例还将与Gzip，Grep，bc，tr等一起使用。

If you don’t already have jq installed, you can install it using apt:

如果尚未安装jq ，则可以使用apt安装它：

jq will now be installed.

现在将安装jq 。

To begin fuzzing, create a sample JSON file that you’ll use as the input to Radamsa:

要开始进行模糊测试，请创建一个示例JSON文件，用作Radamsa的输入：

Then, add the following sample JSON data to the file:

然后，将以下示例JSON数据添加到文件中：

{
  "test": "test",
  "array": [
    "item1: foo",
    "item2: bar"
  ]
}

You can parse this file using jq if you wish to check that the JSON syntax is valid:

如果要检查JSON语法是否有效，可以使用jq解析此文件：

If the JSON is valid, jq will output the file. Otherwise, it will display an error, which you can use to correct the syntax where required.

如果JSON有效，则jq将输出文件。 否则，它将显示错误，您可以在需要时使用该错误来更正语法。

Next, fuzz the test JSON file using Radamsa and then pass it to jq. This will cause jq to read the fuzzed/manipulated test case, rather than the original valid JSON data:

接下来，使用Radamsa模糊测试JSON文件，然后将其传递给jq 。 这将导致jq读取模糊/操纵的测试用例，而不是原始有效的JSON数据：

If Radamsa fuzzes the JSON data in a way that it is still syntactically valid, jq will output the data, but with whatever changes Radamsa made to it.

如果Radamsa以仍然在语法上有效的方式对JSON数据进行模糊处理，则jq将输出数据，但对Radamsa进行任何更改。

Alternatively, if Radamsa causes the JSON data to become invalid, jq will display a relevant error. For example:

或者，如果Radamsa导致JSON数据无效，则jq将显示相关错误。 例如：

   

    Output
   
parse error: Expected separator between values at line 5, column 16

The alternate outcome would be that jq is unable to correctly handle the fuzzed data, causing it to crash or misbehave. This is what you’re really looking for with fuzzing, as this may be indicative of a security vulnerability such as a buffer overflow or command injection.

另一种结果是jq无法正确处理模糊数据，从而导致崩溃或行为异常。 这正是您使用模糊测试的真正目的，因为这可能表明存在安全漏洞，例如缓冲区溢出或命令注入。

In order to more efficiently test for vulnerabilities like this, a Bash script can be used to automate the fuzzing process, including generating test cases, passing them to the target program and capturing any relevant output.

为了更有效地测试此类漏洞，可以使用Bash脚本来自动化模糊测试过程，包括生成测试用例，将其传递给目标程序并捕获任何相关输出。

Create a file named jq-fuzz.sh:

创建一个名为jq-fuzz.sh的文件：

The exact script content will vary depending on the type of program that you’re fuzzing and the input data, but in the case of jq and other similar programs, the following script suffices.

确切的脚本内容将根据您正在模糊处理的程序类型和输入数据而有所不同，但是对于jq和其他类似程序，以下脚本即可满足要求。

Copy the script into your jq-fuzz.sh file:

将脚本复制到您的jq-fuzz.sh文件中：

#!/bin/bash
while true; do
  radamsa test.json > input.txt
  jq . input.txt > /dev/null 2>&1
  if [ $? -gt 127 ]; then
    cp input.txt crash-`date +s%.%N`.txt
    echo "Crash found!"
  fi
done

This script contains a while to make the contents loop repeatedly. Each time the script loops, Radamsa will generate a test case based on test.json and save it to input.txt.

此脚本包含一段while以使内容重复循环。 每次脚本循环时，Radamsa都会基于test.json生成一个测试用例，并将其保存到input.txt 。

The input.txt test case will then be run through jq, with all standard and error output redirected to /dev/null to avoid filling up the terminal screen.

然后，将通过jq运行input.txt测试用例，并将所有标准和错误输出重定向到/dev/null以避免填满终端屏幕。

Finally, the exit value of jq is checked. If the exit value is greater than 127, this is indicative of a fatal termination (a crash), then the input data is saved for review at a later date in a file named crash- followed by the current date in Unix seconds and nanoseconds.

最后，检查jq的退出值。 如果退出值大于127 ，则表明发生了致命的终止(崩溃)，然后将输入数据保存在以后的文件中，以供稍后查看，该文件名为crash-后跟当前日期(以Unix秒和纳秒为单位)。

Mark the script as executable and set it running in order to begin automatically fuzz testing jq:

将脚本标记为可执行文件并将其设置为运行，以便开始自动进行模糊测试jq ：

You can issue CTRL+C at any time to terminate the script. You can then check whether any crashes have been found by using ls to display a directory listing containing any crash files that have been created.

您可以随时发出CTRL+C来终止脚本。 然后，您可以使用ls显示包含已创建的任何崩溃文件的目录列表，以检查是否发现了任何崩溃。

You may wish to improve your JSON input data since using a more complex input file is likely to improve the quality of your fuzzing results. Avoid using a large file or one that contains a lot of repeated data—an ideal input file is one that is small in size, yet still contains as many ‘complex’ elements as possible. For example, a good input file will contain samples of data stored in all formats, including strings, integers, booleans, lists, and objects, as well as nested data where possible.

您可能希望改善JSON输入数据，因为使用更复杂的输入文件可能会改善模糊测试结果的质量。 避免使用较大的文件或包含大量重复数据的文件-理想的输入文件应较小，但仍应包含尽可能多的“复杂”元素。 例如，一个好的输入文件将包含以所有格式存储的数据样本，包括字符串，整数，布尔值，列表和对象，以及在可能的情况下嵌套的数据。

You’ve used Radamsa to fuzz a command-line application. Next, you’ll use Radamsa to fuzz requests to network services.

您已使用Radamsa来模糊命令行应用程序。 接下来，您将使用Radamsa来模糊对网络服务的请求。

第4步-对网络服务的请求进行模糊处理 (Step 4 — Fuzzing Requests to Network Services)

Radamsa can also be used to fuzz network services, either acting as a network client or server. In this step, you’ll use Radamsa to fuzz a network service, with Radamsa acting as the client.

Radamsa还可以用作网络服务或服务器的网络服务。 在此步骤中，您将使用Radamsa来模糊网络服务，而Radamsa充当客户端。

The purpose of fuzzing network services is to test how resilient a particular network service is to clients sending it malformed and/or malicious data. Many network services such as web servers or DNS servers are usually exposed to the internet, meaning that they are a common target for attackers. A network service that is not sufficiently resistant to receiving malformed data may crash, or even worse fail in an open state, allowing attackers to read sensitive data such as encryption keys or user data.

使网络服务模糊不清的目的是测试特定网络服务对向其发送格式错误和/或恶意数据的客户端的弹性。 许多网络服务(例如Web服务器或DNS服务器)通常都暴露于Internet，这意味着它们是攻击者的共同目标。 不能充分抵抗接收格式错误的数据的网络服务可能会崩溃，甚至在打开状态下甚至失败，从而使攻击者可以读取敏感数据，例如加密密钥或用户数据。

The specific technique for fuzzing network services varies enormously depending on the network service in question, however in this example we will use Radamsa to fuzz a basic web server serving static HTML content.

根据所讨论的网络服务，使网络服务模糊化的具体技术差异很大，但是，在此示例中，我们将使用Radamsa对服务静态HTML内容的基本Web服务器进行模糊处理。

Firstly, you need to set up the web server to use for testing. You can do this using the built-in development server that comes with the php-cli package. You’ll also need curl in order to test your web server.

首先，您需要设置用于测试的Web服务器。 您可以使用php-cli软件包随附的内置开发服务器来执行此操作。 您还需要curl才能测试您的Web服务器。

If you don’t have php-cli and/or curl installed, you can install them using apt:

如果您没有安装php-cli和/或curl ，则可以使用apt安装它们：

Next, create a directory to store your web server files in and move into it:

接下来，创建一个目录来存储您的Web服务器文件并移入其中：

Then, create a HTML file containing some sample text:

然后，创建一个包含一些示例文本HTML文件：

Add the following to the file:

将以下内容添加到文件中：

<h1>Hello, world!</h1>

You can now run your PHP web server. You’ll need to be able to view the web server log while still using another terminal session, so open another terminal session and SSH to your server for this:

现在，您可以运行PHP Web服务器。 您将需要能够在仍然使用另一个终端会话的同时查看Web服务器日志，因此请为此打开另一个终端会话并SSH到服务器：

This will output something similar to the following:

这将输出类似于以下内容：

   

    Output
   
PHP 7.2.24-0ubuntu0.18.04.1 Development Server started at Wed Jan  1 16:06:41 2020
Listening on http://localhost:8080
Document root is /home/user/www
Press Ctrl-C to quit.

You can now switch back to your original terminal session and test that the web server is working using curl:

现在，您可以切换回原始终端会话，并使用curl测试Web服务器是否正常工作：

This will output the sample index.html file that you created earlier:

这将输出您先前创建的样本index.html文件：

   

    Output
   
<h1>Hello, world!</h1>

Your web server only needs to be accessible locally, so you should not open any ports on your firewall for it.

您的Web服务器仅需要在本地访问，因此您不应在防火墙上打开任何端口。

Now that you’ve set up your test web server, you can begin to fuzz test it using Radamsa.

现在，您已经设置了测试Web服务器，您可以开始使用Radamsa对它进行模糊测试。

First, you’ll need to create a sample HTTP request to use as the input data for Radamsa. Create a new file to store this in:

首先，您需要创建一个示例HTTP请求以用作Radamsa的输入数据。 创建一个新文件以将其存储在：

Then, copy the following sample HTTP request into the file:

然后，将以下示例HTTP请求复制到文件中：

GET / HTTP/1.1
Host: localhost:8080
User-Agent: test
Accept: */*

Next, you can use Radamsa to submit this HTTP request to your local web server. In order to do this, you’ll need to use Radamsa as a TCP client, which can be done by specifying an IP address and port to connect to:

接下来，您可以使用Radamsa将此HTTP请求提交到本地Web服务器。 为此，您需要将Radamsa用作TCP客户端，这可以通过指定要连接到的IP地址和端口来完成：

Note: Be aware that using Radamsa as a TCP client will potentially cause malformed/malicious data to be transmitted over the network. This may break things, so be very careful to only access networks that you are authorized to test, or preferably, stick to using the localhost (127.0.0.1) address.

注意：请注意，将Radamsa用作TCP客户端可能会导致格式错误/恶意数据通过网络传输。 这可能会破坏事情，因此要非常小心，仅访问您有权测试的网络，或者最好坚持使用localhost( 127.0.0.1 )地址。

Finally, if you view the outputted logs for your local web server, you’ll see that it has received the requests, but most likely not processed them as they were invalid/malformed.

最后，如果您查看本地Web服务器的输出日志，您会看到它已接收到请求，但由于它们无效/格式错误，很可能未处理它们。

The outputted logs will be visible in your second terminal window:

输出的日志将在您的第二个终端窗口中显示：

   

    Output
   
[Wed Jan  1 16:26:49 2020] 127.0.0.1:49334 Invalid request (Unexpected EOF)
[Wed Jan  1 16:28:04 2020] 127.0.0.1:49336 Invalid request (Malformed HTTP request)
[Wed Jan  1 16:28:05 2020] 127.0.0.1:49338 Invalid request (Malformed HTTP request)
[Wed Jan  1 16:28:07 2020] 127.0.0.1:49340 Invalid request (Unexpected EOF)
[Wed Jan  1 16:28:08 2020] 127.0.0.1:49342 Invalid request (Malformed HTTP request)

For optimal results and to ensure that crashes are recorded, you may wish to write an automation script similar to the one used in Step 3. You should also consider using a more complex input file, which may contain additions such as extra HTTP headers.

为了获得最佳结果并确保记录了崩溃，您可能希望编写类似于第3步中使用的自动化脚本。您还应该考虑使用更复杂的输入文件，其中可能包含诸如额外的HTTP标头之类的附加内容。

You’ve fuzzed a network service using Radamsa acting as a TCP client. Next, you will fuzz a network client with Radamsa acting as a server.

您已经使用Radamsa作为TCP客户端来模糊网络服务。 接下来，您将使用Radamsa作为服务器来模糊网络客户端。

步骤5 —模糊化网络客户端应用程序 (Step 5 — Fuzzing Network Client Applications)

In this step, you will use Radamsa to fuzz test a network client application. This is achieved by intercepting responses from a network service and fuzzing them before they are received by the client.

在此步骤中，您将使用Radamsa对网络客户端应用程序进行模糊测试。 这是通过拦截来自网络服务的响应并在客户端收到响应之前对其进行模糊处理来实现的。

The purpose of this kind of fuzzing is to test how resilient network client applications are to receiving malformed or malicious data from network services. For example, testing a web browser (client) receiving malformed HTML from a web server (network service), or testing a DNS client receiving malformed DNS responses from a DNS server.

这种模糊测试的目的是测试网络客户端应用程序如何从网络服务接收畸形或恶意数据。 例如，测试从Web服务器(网络服务)接收格式错误HTML的Web浏览器(客户端)，或测试从DNS服务器接收格式错误的DNS响应的DNS客户端。

As was the case with fuzzing command-line applications or network services, the exact technique for fuzzing each network client application varies considerably, however in this example you will use whois, which is a simple TCP-based send/receive application.

与对命令行应用程序或网络服务进行模糊处理一样，对每个网络客户端应用程序进行模糊处理的确切技术也相差很大，但是在此示例中，您将使用whois ，这是一个简单的基于TCP的发送/接收应用程序。

The whois application is used to make requests to WHOIS servers and receive WHOIS records as responses. WHOIS operates over TCP port 43 in clear text, making it a good candidate for network-based fuzz testing.

whois应用程序用于向WHOIS服务器发出请求，并接收WHOIS记录作为响应。 WHOIS在TCP端口43以明文形式运行，使其成为基于网络的模糊测试的理想选择。

If you don’t already have whois available, you can install it using apt:

如果尚未提供whois ，则可以使用apt安装它：

First, you’ll need to acquire a sample whois response to use as your input data. You can do this by making a whois request and saving the output to a file. You can use any domain you wish here as you’re testing the whois program locally using sample data:

首先，您需要获取样本whois响应以用作输入数据。 您可以通过发出whois请求并将输出保存到文件中来实现。 在使用示例数据在本地测试whois程序时，您可以在此处使用任何域：

Next, you’ll need to set up Radamsa as a server that serves fuzzed versions of this whois response. You’ll need to be able to continue using your terminal once Radamsa is running in server mode, so it is recommended to open another terminal session and SSH connection to your server for this:

接下来，您需要将Radamsa设置为服务器，以提供此whois响应的模糊版本。 Radamsa在服务器模式下运行后，您将需要能够继续使用终端，因此建议为此打开另一个终端会话和与服务器的SSH连接：

Radamsa will now be running in TCP server mode, and will serve a fuzzed version of whois.txt each time a connection is made to the server, no matter what request data is received.

Radamsa现在将以TCP服务器模式运行，并且无论何时接收到任何请求数据，每次与服务器建立连接时，它将提供模糊版本的whois.txt 。

You can now proceed to testing the whois client application. You’ll need to make a normal whois request for any domain of your choice (it doesn’t have to be the same one that the sample data is for), but with whois pointed to your local Radamsa server:

现在，您可以继续测试whois客户端应用程序。 您需要针对您选择的任何域进行正常的whois请求(该域不必与示例数据所针对的域相同)，但是whois指向您的本地Radamsa服务器：

The response will be your sample data, but fuzzed by Radamsa. You can continue to make requests to the local server as long as Radamsa is running, and it will serve a different fuzzed response each time.

响应将是您的样本数据，但Radamsa对此感到困惑。 只要Radamsa正在运行，您就可以继续向本地服务器发出请求，并且每次它将提供不同的模糊响应。

As with fuzzing network services, to improve the efficiency of this network client fuzz testing and ensure that any crashes are captured, you may wish to write an automation script similar to the one used in Step 3.

与模糊测试网络服务一样，为了提高此网络客户端模糊测试的效率并确保捕获所有崩溃，您可能希望编写类似于步骤3中使用的自动化脚本。

In this final step, you used Radamsa to conduct fuzz testing of a network client application.

在最后一步中，您使用Radamsa对网络客户端应用程序进行了模糊测试。

结论 (Conclusion)

In this article you set up Radamsa and used it to fuzz a command-line application, a network service, and a network client. You now have the foundational knowledge required to fuzz test your own applications, hopefully with the result of improving their robustness and resistance to attack.

在本文中，您设置了Radamsa并将其用于模糊命令行应用程序，网络服务和网络客户端。 您现在已经具备了对应用程序进行模糊测试所需的基础知识，希望可以提高它们的鲁棒性和抵抗攻击的能力。

If you wish to explore Radamsa further, you may wish to review the Radamsa README file in detail, as it contains further technical information and examples of how the tool can be used:

如果您想进一步探索Radamsa，则可能希望详细阅读Radamsa README文件，因为它包含更多的技术信息以及如何使用该工具的示例：

• Radamsa README File

  Radamsa自述文件

You may also wish to check out some other fuzzing tools such as American Fuzzy Lop (AFL), which is an advanced fuzzing tool designed for testing binary applications at extremely high speed and accuracy:

您可能还希望检查其他一些模糊测试工具，例如American Fuzzy Lop(AFL)，这是一种先进的模糊测试工具，旨在以极高的速度和精度测试二进制应用程序：

• American Fuzzy Lop

  美国模糊圈

翻译自: https://www.digitalocean.com/community/tutorials/how-to-install-and-use-radamsa-to-fuzz-test-programs-and-network-services-on-ubuntu-18-04