Question

Fuzzing is the process of sending a wide range of invalid and unexpected data to an application and monitoring the application for exceptions. Sometimes hackers craft this invalid data for a specific purpose; other times, they generate it randomly or by using algorithms. In both cases, the goal is to induce unexpected behavior, like crashes, and then check if the error leads to an exploitable bug. Fuzzing is particularly useful for exposing bugs like memory leaks, control flow issues, and race conditions. For example, you can fuzz compiled binaries for vulnerabilities by using tools like the American Fuzzy Lop, or AFL ( https://github.com/google/AFL/ ).

模糊测试是通过向应用程序发送大量无效和意外的数据，并监视异常情况的过程。有时黑客会为特定目的创建此无效数据; 在其他情况下，他们会随机生成或使用算法生成它。在两种情况下，目标都是诱导意外行为，如崩溃，然后检查错误是否导致可利用的漏洞。模糊测试特别有用于暴露诸如内存泄漏，控制流问题和竞争条件等 bug。例如，您可以使用类似美国 Fuzzy Lop 的工具（https://github.com/google/AFL/）对编译后的二进制文件进行漏洞扫描。

There are many kinds of fuzzing, each optimized for testing a specific type of issue in an application. Web application fuzzing is a technique that attempts to expose common web vulnerabilities, like injection issues, XSS, and authentication bypass.

有许多种模糊测试方法，每种方法都针对特定类型的应用问题进行了优化。Web 应用模糊测试是一种试图暴露常见 Web 漏洞的技术，例如注入问题、XSS 和认证绕过。