Ask HN: I want to implement a network fuzzer in a VNC server. Is it possible?

4 points by kasper ↗ HN
i want to implement a network fuzzer in a vnc server . How far is it possible to code it from scratch and any good ebooks or links on it?

2 comments

[ 2.9 ms ] story [ 13.0 ms ] thread
I'm not clear on what you want to do. Do you want to fuzz a VNC server?

There are some ways you can do that. Try to find docs online that detail the protocol or read the source of open-source VNC servers to infer the protocol. You can then use some existing tools to generate some traffic (peach or scapy, among many others). I'm not a fan of Peach for a few reasons, but some people use it.

In general, you'd want to cover edge cases of inputs being parsed. Signed/unsigned edges for integers, strings of various lengths with common bad input patterns, unordered type-length-value pairs, etc and etc.

Try finding past vulnerabilities in the server you're trying to break and see where others found holes. Check the changelog. Try instrumenting an existing client.

i would like to implement a netowork fuzzer on a client system through a vnc server installed at the server , and if i find an anomaly in the system , i would like to take up complete control of the system. is it possible?