From b11260f064ef6f2341d2b637f2e9a4dcc5b9f50c Mon Sep 17 00:00:00 2001 From: Aldo Cortesi Date: Fri, 16 Nov 2012 15:00:15 +1300 Subject: [PATCH] Expand basic fuzzing example. --- libpathod/templates/docs_pathoc.html | 29 ++++++++++++++++++++++------ 1 file changed, 23 insertions(+), 6 deletions(-) diff --git a/libpathod/templates/docs_pathoc.html b/libpathod/templates/docs_pathoc.html index 5c07aee33..b9338c87e 100644 --- a/libpathod/templates/docs_pathoc.html +++ b/libpathod/templates/docs_pathoc.html @@ -89,16 +89,33 @@ the command-line help:

a few of its command-line options makes for quite a powerful basic fuzzer. Here's an example:

-
> pathoc -t 2 -n 1000 localhost get:/:b@10:ir,@1
+
> pathoc -e -C 200 -t 2 -n 1000 localhost get:/:b@10:ir,@1

The request specified here is a valid GET with a body consisting of 10 random bytes, but with 1 random byte inserted in a random place. This could be in the headers, in the initial request line, or in the body itself. - Corrupting the request in this way will often make the server enter a state - where it's awaiting more input from the client. This is where the -t - option comes in, which sets a timeout that causes pathoc to disconnect - after two seconds. Finally, the -n option tells pathoc to repeat the - request 1000 times.

+ There are a few things to note here:

+ +
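Review bot: the new example command (`pathoc -e -C 200 -t 2 -n 1000 ...`) introduces `-e` and `-C 200`, while the same hunk deletes the only sentences that explained `-t` and `-n`, so the list opened by "There are a few things to note here:" needs an entry for each of the four options. The portion of that list visible here does not show this. The removed text also carried the reason the timeout matters for fuzzing (a corrupted request often leaves the server waiting for more input from the client); please keep that rationale in the `-t` entry rather than dropping it. The commit message "Expand basic fuzzing example." could name the two added options, so that the change to the documented command line can be found from the log.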