RFuzz’s Design

RFuzz is designed similar Mongrel in that it is:

  • As simple and thin as possible while still being useful.
  • Based on a C based HTTP parser for processing the response correctly.
  • Simple usage for the majority of cases, but extensible for advanced users.
  • Very consistent design to reduce the learning curve.

RFuzz adds a few more constraints that Mongrel can’t have:

  • Absolutely no exception handling so that test failures are exposed.
  • No threads or blocks unless they make a DSL more useful.
  • All requests are based on data elements (hashes, strings, arrays) so they can be stored.

Design Goals

A primary reason for working on RFuzz is to motivate myself to write an HTTP client based on the Mongrel C parser. I wasn’t too happy with the net/http client for many situations, and when using it for testing it was hiding too much information. I needed something bare metal so that I could feel every hit like an aluminum bat fighting a chainsaw.

In order to build a complete fuzzing system for HTTP it’s also necessary to build a generic set of additional tools: client library, random generator, session maintenance, and test harnesses. By aiming for a fuzzing tool I’m able to also write many other libraries that are useful outside of the RFuzz project.

Finally, a secondary design goal is to base the usage and instructions for RFuzz on scientific statistical analysis. I’m not a grand expert in this, but hopefully I can use RFuzz as the carrot that gets people interested in analyzing software information with statistics.

RFuzz Tour (as of 0.6)

  • RFuzz—Main RFuzz module.
  • RFuzz::HttpClient—The base HTTP client class for accessing the server.
  • RFuzz::HttpEncoding —Mixin module that handles various HTTP encodings.
  • RFuzz::HttpResponse —A Hash with extra variables particular to an HTTP response.
  • RFuzz::Notifier —You can register one of these with HttpClient to get status during the request process.
  • RFuzz::RandomGenerator —Generates random stuff very fast and consistently on all machines.
  • RFuzz::Sampler —Used to conduct statistical sampling.
  • RFuzz::Session —Implements a simple DSL for running tests, generating randomness, and gathering Sampler stats, then recording them to .csv files to later analysis.

You can get a lot more documentation from the RDoc generated documentation and you can check out the samples to find out how this stuff is used.