This is a harness to help with fuzzing KEX.

To use it, you first set it to count packets in each direction:

./kexfuzz -K diffie-hellman-group1-sha1 -k host_ed25519_key -c

Then get it to record a particular packet. Packet indices are zero-based,
so this captures the 4th packet from client->server (-D C2S -i 3):

./kexfuzz -K diffie-hellman-group1-sha1 -k host_ed25519_key \
    -d -D C2S -i 3 -f packet_3

Fuzz the packet somehow:

dd if=/dev/urandom of=packet_3 bs=32 count=1 # Just for example

(Note that this particular dd invocation truncates packet_3 and replaces
it with 32 random bytes rather than mutating the recorded contents; any
mutation strategy will do, as long as the result is written back to the
file named by -f.)

Then re-run the key exchange substituting the modified packet in
its original sequence:

./kexfuzz -K diffie-hellman-group1-sha1 -k host_ed25519_key \
    -r -D C2S -i 3 -f packet_3
A comprehensive KEX fuzz run would fuzz every packet in both
directions for each key exchange type and every hostkey type, i.e.
record each packet index reported by -c for both C2S and S2C, mutate
it and replay it, repeated for every -K and -k combination.
This will take some time.
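A driver for that comprehensive run, added here as an example (it is not
part of OpenSSH or of the kexfuzz harness itself): it cycles through
count / record / mutate / replay for every packet slot in both directions
and for each KEX and hostkey combination, using only the kexfuzz flags
shown above. It assumes the kexfuzz binary is in the current directory,
that "kexfuzz -c" prints one line per direction that starts with the
direction name and ends with the packet count (e.g. "C2S: 4"), that
hostkey files named host_ed25519_key and host_rsa_key exist, and it treats
a replay that dies from a signal (exit status above 128) as a finding,
while an ordinary non-zero exit is taken to be the peer rejecting a
corrupted packet. All of those are assumptions to adjust for your build.
The mutation flips a single byte in place, so the packet keeps its length,
unlike the dd one-liner above.

```shell
#!/bin/sh
# Added example driver for the kexfuzz harness; not part of OpenSSH.
# ASSUMPTION: "kexfuzz -c" prints lines like "C2S: 4" and "S2C: 5".
# ASSUMPTION: hostkey files host_ed25519_key and host_rsa_key exist.

KEXFUZZ=${KEXFUZZ:-./kexfuzz}
WORKDIR=${WORKDIR:-./kexfuzz-out}
KEX_TYPES=${KEX_TYPES:-"diffie-hellman-group1-sha1 curve25519-sha256@libssh.org"}
HOSTKEYS=${HOSTKEYS:-"host_ed25519_key host_rsa_key"}
ITERATIONS=${ITERATIONS:-10}   # mutations tried per packet slot

# parse_count DIRECTION < output-of-kexfuzz-c : print the packet count
# for C2S or S2C (the last field of the line beginning with DIRECTION).
parse_count() {
    awk -v d="$1" 'index($0, d) == 1 { print $NF; exit }'
}

# mutate_byte FILE : XOR one randomly chosen byte of FILE with a random
# non-zero mask, in place. The packet always changes but keeps its length.
mutate_byte() {
    f=$1
    size=$(wc -c < "$f" | tr -d ' ')
    [ "$size" -gt 0 ] || return 1
    off=$(( $(od -An -N2 -tu2 /dev/urandom | tr -d ' ') % size ))
    old=$(od -An -N1 -tu1 -j "$off" "$f" | tr -d ' ')
    mask=$(( $(od -An -N1 -tu1 /dev/urandom | tr -d ' ') % 255 + 1 ))
    new=$(( old ^ mask ))
    # write the new byte value back at the same offset without truncating
    printf "$(printf '\\%03o' "$new")" |
        dd of="$f" bs=1 seek="$off" count=1 conv=notrunc 2>/dev/null
}

# record_packet KEX KEY DIR IDX OUT : capture one packet of a clean exchange
record_packet() {
    "$KEXFUZZ" -K "$1" -k "$2" -d -D "$3" -i "$4" -f "$5"
}

# replay_packet KEX KEY DIR IDX FILE : rerun the exchange with FILE
# substituted for packet IDX in direction DIR
replay_packet() {
    "$KEXFUZZ" -K "$1" -k "$2" -r -D "$3" -i "$4" -f "$5"
}

# run_campaign : every KEX type x hostkey x direction x packet index
run_campaign() {
    mkdir -p "$WORKDIR"
    for kex in $KEX_TYPES; do
      for key in $HOSTKEYS; do
        counts=$("$KEXFUZZ" -K "$kex" -k "$key" -c) ||
            { echo "count failed: $kex $key" >&2; continue; }
        for dir in C2S S2C; do
          n=$(printf '%s\n' "$counts" | parse_count "$dir")
          i=0
          while [ "$i" -lt "${n:-0}" ]; do
            orig="$WORKDIR/$kex.$key.$dir.$i"
            if record_packet "$kex" "$key" "$dir" "$i" "$orig"; then
              j=0
              while [ "$j" -lt "$ITERATIONS" ]; do
                cp "$orig" "$orig.fuzz"
                mutate_byte "$orig.fuzz"
                replay_packet "$kex" "$key" "$dir" "$i" "$orig.fuzz" \
                    >/dev/null 2>&1
                st=$?
                # status > 128 means the process was killed by a signal
                if [ "$st" -gt 128 ]; then
                  cp "$orig.fuzz" "$orig.crash.$j"
                  echo "CRASH (status $st): $kex $key $dir packet $i" \
                       "-> $orig.crash.$j"
                fi
                j=$((j + 1))
              done
            fi
            i=$((i + 1))
          done
        done
      done
    done
}

# Start only when explicitly asked, so the functions can be sourced alone.
if [ "${KEXFUZZ_RUN:-0}" = 1 ]; then
    run_campaign
fi
```

Run it from the kexfuzz build directory with `KEXFUZZ_RUN=1 sh campaign.sh`;
crashing inputs are kept as `*.crash.N` files next to the recorded originals
so the offending packet can be replayed by hand with the `-r` command shown
above.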