... and with strange æons, even death may die.
RFuzz is designed similarly to Mongrel in that it is:
- As simple and thin as possible while still being useful.
- Based on a C-based HTTP parser for processing the response correctly.
- Simple usage for the majority of cases, but extensible for advanced users.
- Very consistent design to reduce the learning curve.
RFuzz adds a few more constraints that Mongrel can’t have:
- Absolutely no exception handling so that test failures are exposed.
- No threads or blocks unless they make a DSL more useful.
- All requests are based on data elements (hashes, strings, arrays) so they can be stored.
A primary reason for working on RFuzz is to motivate myself to write an HTTP client based on the Mongrel C parser. I wasn’t too happy with the net/http client for many situations, and when using it for testing it was hiding too much information. I needed something bare metal so that I could feel every hit like an aluminum bat fighting a chainsaw.
In order to build a complete fuzzing system for HTTP it’s also necessary to build a generic set of additional tools: client library, random generator, session maintenance, and test harnesses. By aiming for a fuzzing tool I’m able to also write many other libraries that are useful outside of the RFuzz project.
Finally, a secondary design goal is to base the usage and instructions for RFuzz on scientific statistical analysis. I’m not a grand expert in this, but hopefully I can use RFuzz as the carrot that gets people interested in analyzing software information with statistics.
RFuzz Tour (as of 0.6)
- RFuzz—Main RFuzz module.
- RFuzz::HttpClient—The base HTTP client class for accessing the server.
- RFuzz::HttpEncoding —Mixin module that handles various HTTP encodings.
- RFuzz::HttpResponse —A Hash with extra variables particular to an HTTP response.
- RFuzz::Notifier —You can register one of these with HttpClient to get status during the request process.
- RFuzz::RandomGenerator —Generates random stuff very fast and consistently on all machines.
- RFuzz::Sampler —Used to conduct statistical sampling.
- RFuzz::Session —Implements a simple DSL for running tests, generating randomness, and gathering Sampler stats, then recording them to .csv files for later analysis.
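
The design points above (requests kept as plain data so they can be stored, a repeatable random generator, and sampled statistics written out as CSV rows) can be sketched in plain Ruby. This is an added example, not RFuzz's code or API: `build_request`, `build_run`, `store_and_reload` and `RunningStats` are hypothetical names, and it only builds request data without sending anything.

```ruby
require "json"

# Hypothetical helpers for illustration; these are not RFuzz's classes or API.
# Build one fuzz request as plain data (a Hash of strings and hashes).
# A seeded Random makes the "random" inputs repeatable for a given seed.
def build_request(rng, uri)
  alphabet = ("a".."z").to_a + ("0".."9").to_a + %w[% & = / . ; ' " <]
  rand_str = ->(len) { Array.new(len) { alphabet[rng.rand(alphabet.size)] }.join }
  {
    "method" => "GET",
    "uri"    => uri,
    "query"  => { "q" => rand_str.call(rng.rand(1..24)) },
    "head"   => { "X-Fuzz" => rand_str.call(rng.rand(1..16)) }
  }
end

# Generate a whole run from one seed so a failing run can be regenerated later.
def build_run(seed, count, uri = "/search")
  rng = Random.new(seed)
  Array.new(count) { build_request(rng, uri) }
end

# Round-trip a run through JSON, as when it is saved to disk and reloaded.
def store_and_reload(run)
  JSON.parse(JSON.generate(run))
end

# Running mean and sample standard deviation (Welford's method) for one
# measurement, e.g. response time per request.
class RunningStats
  attr_reader :n, :mean

  def initialize
    @n, @mean, @m2 = 0, 0.0, 0.0
  end

  def sample(x)
    @n += 1
    delta = x - @mean
    @mean += delta / @n
    @m2 += delta * (x - @mean)
    self
  end

  def sd
    @n > 1 ? Math.sqrt(@m2 / (@n - 1)) : 0.0
  end

  def to_csv_row(name)
    [name, @n, format("%.4f", @mean), format("%.4f", sd)].join(",")
  end
end
```

Because every request is a Hash built from a seed, a run that exposes a server failure can be stored next to its CSV statistics and replayed exactly.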