regress/misc/kexfuzz/README - security/openssh-library - Rivoreo Source Code Repositories

 This is a harness to help with fuzzing KEX.

 To use it, you first set it to count packets in each direction:

 ./kexfuzz -K diffie-hellman-group1-sha1 -k host_ed25519_key -c
 S2C: 29
 C2S: 31

 Then get it to record a particular packet (in this case the 4th
 packet from client->server):

 ./kexfuzz -K diffie-hellman-group1-sha1 -k host_ed25519_key \
     -d -D C2S -i 3 -f packet_3

 Fuzz the packet somehow:

 dd if=/dev/urandom of=packet_3 bs=32 count=1 # Just for example

 Then re-run the key exchange substituting the modified packet in
 its original sequence:

 ./kexfuzz -K diffie-hellman-group1-sha1 -k host_ed25519_key \
     -r -D C2S -i 3 -f packet_3

 A comprehensive KEX fuzz run would fuzz every packet in both
 directions for each key exchange type and every hostkey type.
 This will take some time.
	This is a harness to help with fuzzing KEX.

	To use it, you first set it to count packets in each direction:

	./kexfuzz -K diffie-hellman-group1-sha1 -k host_ed25519_key -c
	S2C: 29
	C2S: 31

	Then get it to record a particular packet (in this case the 4th
	packet from client->server):

	./kexfuzz -K diffie-hellman-group1-sha1 -k host_ed25519_key \
	-d -D C2S -i 3 -f packet_3

	Fuzz the packet somehow:

	dd if=/dev/urandom of=packet_3 bs=32 count=1 # Just for example

	Then re-run the key exchange substituting the modified packet in
	its original sequence:

	./kexfuzz -K diffie-hellman-group1-sha1 -k host_ed25519_key \
	-r -D C2S -i 3 -f packet_3

	A comprehensive KEX fuzz run would fuzz every packet in both
	directions for each key exchange type and every hostkey type.
	This will take some time.