We have designed and implemented an Evolutionary Fuzzing System (EFS) to help find new vulnerabilities. Traditional fuzzing techniques require that a new fuzzer be built for each protocol, a never-ending process. EFS attempts to eliminate this effort by dynamically learning a protocol using code coverage and other feedback mechanisms.
Fuzzing is a software testing technique in which a program is supplied with faulty or randomized data in place of the input it normally expects. GPF provides developers, security researchers, and quality assurance professionals the capability to quickly search for bugs and vulnerabilities in the exposed interface of networked applications. GPF uses captured packet sessions (from libpcap) to construct a protocol description from real traffic. Users can then configure various types of injected faults, manually modify the capture file, and define custom functions to deal with dynamic data.
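The coverage-guided evolutionary loop described above, as an added illustration written for this page (not the EFS or GPF authors' code): a constructed two-message "capture" seeds the population, a toy parser reports which blocks it executed in place of real code-coverage instrumentation, and inputs that reach new blocks are kept and mutated. The mini-protocol, block labels, mutation operators and fitness weights are all assumptions made for the example.

```python
import random
# Constructed "captured session" (stand-in for GPF's pcap input): two valid
# messages of a made-up protocol: magic byte 0x7E, one length byte, payload.
CAPTURED = [b"\x7e\x04PING", b"\x7e\x06STATUS"]

def parse_message(data):
    # Toy target; returns the labels of the blocks it executed, the stand-in for
    # the code-coverage feedback EFS uses to score candidate inputs.
    cov = {"entry"}
    if len(data) < 2 or data[0] != 0x7E:
        return cov | {"bad_magic"}
    if data[1] > len(data) - 2:
        return cov | {"bad_len"}
    cmd = data[2:2 + data[1]]
    if cmd.startswith(b"PING"):
        cov.add("cmd_ping")
    elif cmd.startswith(b"STATUS"):
        cov.add("cmd_status")
    else:
        cov.add("cmd_unknown")  # never in the capture: only mutation reaches it
    return cov | {"frame_ok"}

def mutate(rng, data):
    # One random mutation: overwrite a byte, insert a byte, or truncate.
    data, op = bytearray(data), rng.randrange(3)
    if op == 0 and data:
        data[rng.randrange(len(data))] = rng.randrange(256)
    elif op == 1:
        data.insert(rng.randrange(len(data) + 1), rng.randrange(256))
    elif data:
        del data[rng.randrange(len(data)):]
    return bytes(data)

def evolve(seeds=CAPTURED, generations=150, pop_size=16, rng_seed=1):
    # Fitness = blocks reached plus a bonus for blocks no earlier input reached;
    # the fittest half become parents and their mutants refill the population.
    rng, total_cov, population = random.Random(rng_seed), set(), list(seeds)
    while len(population) < pop_size:
        population.append(mutate(rng, rng.choice(seeds)))
    for _ in range(generations):
        scored = []
        for ind in population:
            cov = parse_message(ind)
            scored.append((len(cov) + 4 * len(cov - total_cov), ind))
            total_cov |= cov
        scored.sort(key=lambda s: s[0], reverse=True)
        parents = [ind for _, ind in scored[:pop_size // 2]]
        population = parents + [mutate(rng, rng.choice(parents))
                                for _ in range(pop_size - len(parents))]
    return total_cov
```

Calling `evolve()` returns the union of blocks reached over all generations; in a real system the parser would be the instrumented target and the labels would come from its coverage feedback.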