# Fuzzing 101

We'll start with a simple fuzzer.  The idea is to produce random characters, adding them to a buffer string variable (`out`), and finally returning the string.

This implementation uses the following Python features and functions:

* `random.randrange(start, end)` - return a random number [`start`, `end`]
* `range(start, end)` - create a list with integers from `start` to `end`.  Typically used in iterations.
* `for elem in list: body` executes `body` in a loop with `elem` taking each value from `list`.
* `for i in range(start, end): body` executes `body` in a loop with `i` from `start` to `end` - 1.
* `chr(n)` - return a character with ASCII code `n`



In [9]:
import gstbook

In [10]:
import random

In [11]:
# We set a specific seed to get the same inputs each time
random.seed(53727895348829)

In [12]:
def fuzzer(max_length = 100, char_start = 32, char_range = 32):
    """A string of up to `max_length` characters 
       in the range [`char_start`, `char_start` + `char_range`]"""
    string_length = random.randrange(0, max_length)
    out = ""
    for i in range(0, string_length):
        out += chr(random.randrange(char_start, char_start + char_range))
    return out

With its default arguments, the `fuzzer()` function returns a string of random characters:

In [13]:
fuzzer(1000, 64, 32)

'PHACT\\SFTIPSJEVTP\\QC]]HXK@]VUZW]TUYKRVG]O^JAWTIMB_XNERCQA[UUUWZWGMOSY[OICOYDO_MJO[\\RP_SGN\\NVHABXXLHCMK^NIND]NMMYNTEZVANF[S^^^QCQJY[_ISSSLOKEJDDUGYM[X\\HMOWLWGR]QLG[N\\O^_GA]AFF^N\\CE\\CWUTCWQXYBQEOVAQCLNAFSQG@@JIUAMKVGJZO@NRO@TPMZUDJOEQLQRQFV]TEXMRFU\\OAHOE@XQCV]XEHY@XPYJH@LO_Y@TZXSGK_LCF@Y@^VWKUTO]TDI^NACQP_LJWZIEZ\\R\\@FOGKYCS]E^MIB[S\\QT]A[XEOFZ[V\\LGGJ^DU_WAS^JFY\\_[GVHKECDGD_VQS[T@BLASJCQGQF[^OTBSA@ZYJYI]OHNHLNEGB_KBZO[TCGGUYWMIH^TWVVO[G]MH\\T_FT_FBFA]OMD]A\\FH_J_O\\OMHPZOKMYKJG^PG_Y_F[AWSP@^^P\\K_G\\UICMO[@]^N_GMK_NKFE_[Q@RPX@UHBBU_NBZWXHRA_OE^EV[HNYQ@]]PKJVUCQNEY]]S[ZU]@ZRQGXCGYCERIHJL_SGTNWRM]REHEPGTQKGKW'

We can also have `fuzzer()` produce a series of upercase letters.  We use `ord(c)` to return the ASCII code of the character `c`.

In [14]:
fuzzer(100, ord('A'), 26)

'NCSJGSPARSBYUGBJFMMZPRMGEMBWHYBNBLODXQUKEZWUINIXTFSKZAOLXNOURBUJWBXHXZBNYHNGHGYIUYBNUSSFJGY'

We can also have it produce a series of digits:

In [15]:
fuzzer(100, ord('0'), 10)

'96735410455640'

My personal favorite, though, is still simply to have `fuzzer()` produce a long list of garbage...

In [16]:
fuzzer(2000, 32, 96)

'\x7f\\mP89i^s::?qac{2b{[@H;_Ub Yvw%^5_KMux|kJP\\Lq"*X"Q?+g9*/Ttt8@e/RvCP5BIGnU4m;|yD}-GnxJ(ALufq#1h1VXxMCX\x7fUM+"^M6:y23>:WMKhwau;Dn<V%Qz]Ln:`QN s`NTS2#6^j$,~3Mpm$Ot{C5o&<t:7n|ml}XE-U%j51"Vbl;>TK$Dv+%C"JfUa)NETSQtmM+f^@(G32+(vB`o@W|RU6a$21xcqD&\\DlVz|ej!\x7f-1.\\Iz+o6J:tncz\x7fw2-LR4_(TQQ`8BM>kUMcC\x7f<V;ZP[|ERHIC"(\'r@yVO!HwsN_TAMs8oK!}Zcly|$`qk[iGzR }o~i@?btW4%<&?KP"2F0+6pq2d1\x7f:xd>CU[U?Wb)o&U0O{,zp~9DfH/.\x7f/amvvJr0NT@H_>[w5Gkgk*kl.;u}bN/7</k&!u5XZ&A3w"W_{*JbPyP6=a[AP>(8%B]&r\'x{>%Guodp8fD1JU*+~_SXFm}5Lo<X&?}ho.ok:2=FXblz:|~1lMd4F.R&i,TE^-cy%3D!}CHudEO5TUb/_7!)W~a=ng1ZbMrn|@ jK>#f;%j$!6[, Pm[JUa14KHeO7ie}g7e,$vHj6A`dim%AV|yChKC;AB<%dB,OB$ME_X|lI?Hx5o=cn4yAq)Ge/BC:'

... and to feed this into some function or program.

In [17]:
if __name__ == "__main__":
    x = int(fuzzer(100, ord('0'), 10))
    print(x)

418655427319022234162993347851489442135051633291608613469536946573
