beSTORM Client Menus

The following menus are available in the beSTORM Client:

Project

  • New - Starts a new project using the beSTORM New Project Wizard. For more information, see Getting Started.

  • Open - Opens an existing project.

  • Save/Save as - Saves your current project.

  • Recent Projects - Opens a recently loaded project.

  • Load Last Saved - Reverts the current module to its last saved settings (for example, module configurations, changes made to the beSTORM environment, etc.).

  • Auto Learn - Opens the Auto Learn window for Network Protocol or File Specification. For more information, see Auto Learn.

  • Quit - Closes the beSTORM Client.

Module

  • Load from Attack Vector - Manually instructs beSTORM to begin from a different starting position.

    You can get attack vectors from the Preview pane, beSTORM's log files, exported test cases, or Exception Information.

  • Find Attack Vector - Provides the ability to view previous beSTORM sessions to find a specific Attack Vector based on a certain date value (for example, two days ago at midnight).

    NOTE: Attack vectors are the textual representation of the state that beSTORM's testing is currently at. An Attack Vector shared between multiple beSTORM copies that test the same protocol will bring each copy to the same testing position.

  • Browse Full Screen - Opens the Module Browser pane in a separate full-sized window. Use this for browsing the module after you have started and then paused a test.

  • Show Graphical Representation - Generates a graphical view of the module currently in use. The graphical representation shows how the module's elements are interconnected and which elements are currently active.

    NOTE: beSTORM saves the graphical representation as a Graphviz file (.dot). You will need an appropriate viewer to view the graphs (for example, http://www.webgraphviz.com/).

  • Edit Module Environment Variables - Allows you to change the current environment settings of beSTORM. For more information, see Environment Variables.

  • Module Buffer Types - Allows you to view the current buffers being used by beSTORM to detect exceptions. For more information, see Module Buffer Types.

  • Increment Module's Position - Allows you to cause the current module to move forward by a set number of positions. Use this option for testing purposes and as a means to skip undesired attack vectors.

  • Simulate Current Position - Tells beSTORM to perform one test according to the current position of the module. For example, in a Network Protocol based project, beSTORM would send one packet representing the current position of the module.

  • Skip Current Buffer Types - During a test, stops fuzzing the current buffer type and starts fuzzing the next available type. If there are no more buffer types remaining, beSTORM will jump to the next type.

  • Skip Current Buffer - During a test, stops fuzzing the current buffer and starts fuzzing the next available buffer. This is not limited to Buffer (B) and will skip any type of fuzzable node in the module (VB, CC, L, etc.).

Bookmarks

Sets the module to a previous/recent configuration (Seconds or Minutes), allowing beSTORM to go back and replay an entire attack sequence to assist with reproducing discovered issues.

Settings

Configure beSTORM

Selecting this option opens the Project Settings section.

  • Project Name - Specifies the name of the current project. You can edit the project name, if desired.

  • Number of Parallel Attack Threads - Specifies the number of threads to use during a test. Running a test with multiple threads increases its speed, especially when beSTORM modules wait for a response.

  • Environment Settings - Dynamically displays environment settings for the current module. Settings can vary, depending on the module.

Configure Advanced Settings

  • Starting Saturation Rate Threshold - Specifies the starting saturation rate threshold which determines the number of tests sent per second. Slide the control to increase the value. The default value is 100.

  • Scale Type - Optimizes testing by specifying the number of combinations sent per Module Buffer Type. Each Scale Type alters the Estimated combination count per Buffer number. The available options are:

    • Base2+/-2 - Sends buffer combinations by +/-2: 2, 4, 6, 8, 10, 12, 14, 16, etc.

    • Base2+/-1 - Sends buffer combinations by +/-1: 0, 1, 2, 3, 4, 5, 7, 8, 9, 15, 16, 17, etc.

    • Base2 - Sends buffer combinations by 2, 4, 8, 16, 32, etc.

    • Base10+/-2 - Sends buffer combinations by +/-2: 10, 100, 1000, 10000, etc.

    • Base10+/-1 - Sends buffer combinations by +/-1: 10, 100, 1000, 10000, etc.

    • Base10 - Sends buffer combinations by 10, 100, 1000, 10000, etc.

    • Serial - Sends buffer combinations by 1, 2, 3, 4, etc.

      NOTE: The Serial type is extremely time consuming. Only use this type if your test has no time constraints.

    • Timed - Select this type if you have time constraints for your test to run (that is, you can only run beSTORM for 1 hour, 10 hours, 1 day, etc.), but want to test all fields regardless. The Timed type spends one second on each field in the first loop (changing the buffer types as usual but stopping after one second), covering the entire protocol quickly. Then, on the second loop, it spends two seconds on each field, then four seconds, eight seconds, etc., until the allotted time expires. beSTORM will incrementally test more and more of each field until you stop the test manually.

    • Serial/Base2 - Combines the Serial and Base2 types, providing an intermediate option that generates more combinations than Base2, but less than Serial. Sends buffer combinations by 1, 2...4095, 4096, 8192, etc.

  • Increment Order - Determines the order the module will use to test buffer sizes. The order does not affect the combination count or speed of the test.

    • Normal - Starts with small buffer sizes (for example, 2, 4, 8, 16, etc.) and increases in size as the test runs. This order can possibly find vulnerabilities more precisely, because the smallest attack size that triggers an issue is reached first.

    • Reverse - Starts with larger buffer sizes (for example, 2,000,000) and decreases in size as the test runs. This order can possibly find vulnerabilities earlier in the test.

  • Distributed Testing - Combines the Number of beSTORM copies available and beSTORM copy number settings to allow multiple copies of beSTORM to be in use and testing against the device under test (DUT). While working together, each copy can do 1/n of the tests.

    For example, if you run two copies of beSTORM in parallel, one copy will do half of the test, and the other copy will do the other half. The two values in this case would show Number of beSTORM copies available as 2 and beSTORM copy number as 1 in one copy of beSTORM, and beSTORM copies available as 2 and beSTORM copy number as 2 in the other copy of beSTORM.

  • Overflow buffers only once - Prevents testing a field in more than one combination. Selecting this setting can reduce testing time. This setting is disabled by default.

  • Allow Fuzzing of conditioned values - Fuzzes conditioned values (for example, length) as regular fields. Disabling this option only tests these values for logical issues (that is, too large length, too small length, negative length, and zero length) and reduces testing time. This setting is selected by default.

  • Debug function in/out to log files - Instructs beSTORM to log additional debug information to a file (for example, data sent and received, and the function calls that process it), but doing so will severely impact its performance. This setting is disabled by default.
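The Scale Type, Timed and Distributed Testing settings above each describe a rule rather than a fixed list, so the following added example (illustration only, not beSTORM code) models those rules in Python: the Base2/Base10 and Base2+/-N buffer-size sequences, the Serial/Base2 hybrid, the doubling time budget of the Timed type, and the 1/n split between copies. The Base2+/-1 generator reproduces the sequence listed on the page exactly (0, 1, 2, 3, 4, 5, 7, 8, 9, 15, 16, 17); the rule "each power of the base plus its neighbours at +/-N" is assumed to be the general one, the 4096 switch-over point for Serial/Base2 is taken from the page's own listing, and the round-robin assignment of test positions to copies is an assumption, since the page only states that each copy performs 1/n of the tests.

```python
"""Models of beSTORM's Scale Type, Timed and Distributed Testing rules.

Illustrative code added for this page; it is not part of beSTORM and only
reproduces the sequences the documentation describes.
"""
from typing import List, Tuple


def base_sequence(base: int, limit: int) -> List[int]:
    """Base2 / Base10: successive powers of `base` up to `limit`.

    base_sequence(2, 32) -> [2, 4, 8, 16, 32]
    """
    sizes, value = [], base
    while value <= limit:
        sizes.append(value)
        value *= base
    return sizes


def base_plus_minus(base: int, delta: int, limit: int) -> List[int]:
    """Base2+/-N and Base10+/-N: every power of `base` (starting at base**0)
    together with its neighbours at +/-delta, deduplicated and sorted.

    Assumption: this is the rule behind the page's listed sequences; it
    matches the Base2+/-1 listing exactly. Negative sizes are dropped.
    """
    sizes = set()
    power = 1  # base ** 0, so that 0 and 1 appear as in the Base2+/-1 listing
    while power <= limit:
        for candidate in (power - delta, power, power + delta):
            if candidate >= 0:
                sizes.add(candidate)
        power *= base
    return sorted(sizes)


def serial_sequence(limit: int) -> List[int]:
    """Serial: every size from 1 to `limit` (the slowest, most exhaustive type)."""
    return list(range(1, limit + 1))


def serial_base2(limit: int, switch: int = 4096) -> List[int]:
    """Serial/Base2: serial up to `switch`, then powers of two beyond it.

    The page lists '1, 2...4095, 4096, 8192, etc.', hence switch=4096.
    """
    sizes = serial_sequence(switch)
    power = switch * 2
    while power <= limit:
        sizes.append(power)
        power *= 2
    return sizes


def timed_schedule(num_fields: int, budget_seconds: int) -> List[Tuple[int, int]]:
    """Timed: loop over all fields spending 1s each, then 2s, 4s, 8s ... until
    the next slot would exceed the time budget. Returns (field, seconds) slots.
    """
    schedule, elapsed, seconds = [], 0, 1
    while True:
        for field in range(num_fields):
            if elapsed + seconds > budget_seconds:
                return schedule
            schedule.append((field, seconds))
            elapsed += seconds
        seconds *= 2


def positions_for_copy(total_positions: int, copies: int, copy_number: int) -> List[int]:
    """Distributed Testing: the 1-based test positions handled by one copy when
    `copies` beSTORM instances share the work (copy_number is 1-based).

    Assumption: positions are dealt out round-robin; the page only states that
    each copy performs 1/n of the tests.
    """
    if not 1 <= copy_number <= copies:
        raise ValueError("copy_number must be between 1 and the number of copies")
    return [p for p in range(1, total_positions + 1) if (p - 1) % copies == copy_number - 1]


if __name__ == "__main__":
    print("Base2:       ", base_sequence(2, 32))
    print("Base2+/-1:   ", base_plus_minus(2, 1, 16))
    print("Serial/Base2:", serial_base2(16384)[-4:])
    print("Timed, 3 fields, 20 s budget:", timed_schedule(3, 20))
    print("Copy 1 of 2: ", positions_for_copy(10, 2, 1))
    print("Copy 2 of 2: ", positions_for_copy(10, 2, 2))
```

Running the module shows why Serial is so much slower than Base2: for a 16 KB field Base2 sends 14 sizes while Serial sends 16384, and Serial/Base2 sits between them. The Timed schedule output also makes the "one second per field first, then doubling" behaviour visible, which is useful when estimating how much of each field a fixed time budget will actually cover.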

Configure Behavior Settings

  • Interface refresh rate (seconds) - Specifies the user interface refresh rate. The default value is 1. Refreshing is sometimes a labor-intensive process; increasing the value slows down the refresh rate of the user interface, which is ideal when beSTORM is run in batch mode and no user interaction is expected.

  • Saturation Rate Threshold Optimization - Specifies how your testing speed is determined. The available options are:

    • Auto Adjust - Optimize CPU usage - Runs your test as quickly as possible, utilizing up to 75% of available CPU bandwidth on the local machine, based on reports from the beSTORM monitor.

    • Fixed Saturation Rate Threshold - Sends a fixed number of tests per second, based on the starting Saturation Rate Threshold setting selected on the Extra Configuration page of the New Project Wizard.

      NOTE: beSTORM will attempt to reach and stay at this speed during the test, but the speed may fluctuate at times.

  • Send SMTP (Email) Notifications - To send email notifications to contacts when an event in beSTORM occurs during a fuzzing session, enter the following email information:

    • From - The sender's email address to use with email notifications.

    • To - The email addresses to send email notifications to (use a comma (,) to separate multiple email addresses).

    • SMTP Server - The IP address of the SMTP server.

    • SMTP Port - The port number of the SMTP server.

    • Notification Types - After entering email addresses and SMTP information, select which types of notifications to send when the corresponding event occurs:

      • Test Started - When fuzzing starts.

      • Test Paused - When fuzzing is paused.

      • Test Ended - When fuzzing ends.

      • Test Error - When fuzzing experiences an error.

      • Test Failure - When fuzzing fails.

      • Exception Found - When an exception is found during fuzzing.

Configure Monitor Settings

  • Enable Batch Mode - Instructs beSTORM to run in non-interactive mode. In this mode, beSTORM will automatically start and run a test. If an exception is found, the test will automatically resume as soon as the device under test responds, and beSTORM will close automatically once testing is done. This setting is selected by default.

  • Monitor Port Assignment - The monitor can reside on the same computer as the beSTORM Client or a different server. Change the default port numbers, if necessary.

    • External Monitor IP address - The hostname or IP address of the external monitor.

    • Incoming Command Port - Receives responses from the external monitor to the beSTORM Client. The default port number is 6970.

    • Outgoing Command Port - Sends information from the beSTORM Client to the external monitor. The default port number is 6971.

    • Incoming Exception Port - Sends exceptions received by the external monitor to the beSTORM Client. The default port number is 6969.

  • Enable Monitor Enforcement - Instructs beSTORM to not test until the monitor reports that it can monitor the device under test (DUT).

  • Monitor Type(s) - Specifies the provided monitor types/external monitor to use to verify the remote device under test is functional using the ARP, ICMP, UDP, and/or TCP protocols. The available options are:

    • ARP Echo - Attempts to resolve the IP address of the machine tested into a MAC address.

      NOTE: ARP Echo only works on a LAN. In a WAN environment where the target is not on the same network/subnet, the ARP response is received from the router that connects the two networks, thus causing a false status.

    • ICMP Echo - Attempts to perform an ICMP Echo/ICMP Response test on the remote IP address.

    • UDP Echo - Attempts to verify whether the remote UDP port is open.

      NOTE: To properly detect UDP as non-responsive/closed, the Windows Firewall must allow ICMP Destination Unreachable packets to arrive. By default, Windows Firewall blocks such packets.

    • TCP Echo - Attempts to verify whether the remote TCP port is open.

    • External Monitor - The beSTORM provided monitor or your own custom monitoring device/program.

    • Monitored IP address - The IP address of the remote device under test to perform ARP, ICMP, UDP, or TCP Echo monitoring on.

    • Port - The port number of the external monitor (UDP Echo and TCP Echo only). The default value is 1.

    • Interval - The interval to use to verify the remote device in milliseconds. The default value is 5000.

    • When exception is detected, stop the test for <#> seconds - Specifies the number of seconds to use to stop the test when an exception is detected, allowing you to take note of it. The default value is 10.

  • Report Connectivity Issues as Exceptions - Reports connectivity issues with the remote device as an exception. This setting is disabled by default.

    • Number of connectivity failures before reporting back - Specifies the number of failures that need to occur before connectivity issues are reported while Report Connectivity Issues as Exceptions is selected. The default value is 10.

  • Test Fuzzed files by calling beSTORM's Minion - Uses the beSTORM Minion to test files (for example, DLLs). This setting is disabled by default.

    The beSTORM Minion requires the following:

    • beSTORM Minion IP address - The IP address of the beSTORM Minion.

    • Port - The port number to use with the beSTORM Minion.

    • beSTORM Minion Password - The password to use with the beSTORM Minion.

    • Process to Launch (Full Path) - The full path of the process to launch, ideal for when the testing files are part of an application.

Monitor

  • Check Monitor Status - Actively connects to the monitor and checks its status. Use this option to determine if the tested environment is running properly.

  • Configure Monitor Settings - Opens the available Monitor Settings. For more information, see Configure Monitor Settings.

Report

  • Known Vulnerabilities - Provides the option to individually scan for known weak points related to CVEs, SYN Flooding, FINWAIT2 Flooding, Slowloris, or known Web credentials that could be present in the tested environment, and then generate an HTML report of the results.

  • Show Detected Vulnerabilities - Provides a visualization of vulnerabilities found during fuzzing, as well as relevant information like the attack vector.

  • Generate Report - Generates a report for the current project in HTML, PDF, or CSV format.

  • Service Detection - Provides the option to scan for ports (services) that are open on the target computer, and then generate an HTML report of the results.

Help

  • User Guide - Opens the beSTORM User Guide.

  • beSTORM Architecture - Displays the current beSTORM project's testing architecture.

  • About - Displays the beSTORM version number and benchmark information.

  • License - Displays information regarding your beSTORM license.
