This is a harness to help with fuzzing KEX.

To use it, you first set it to count packets in each direction:

./kexfuzz -K diffie-hellman-group1-sha1 -k host_ed25519_key -c
S2C: 29
C2S: 31

Then get it to record a particular packet (in this case the 4th
packet from client->server; indices are zero-based, so that is -i 3):

./kexfuzz -K diffie-hellman-group1-sha1 -k host_ed25519_key \
    -d -D C2S -i 3 -f packet_3

Fuzz the packet somehow (this example simply overwrites it with 32
random bytes; any mutation of the file will do):

dd if=/dev/urandom of=packet_3 bs=32 count=1 # Just for example

Then re-run the key exchange substituting the modified packet in
its original sequence:

./kexfuzz -K diffie-hellman-group1-sha1 -k host_ed25519_key \
    -r -D C2S -i 3 -f packet_3

A comprehensive KEX fuzz run would fuzz every packet in both
directions for each key exchange type and every hostkey type.
This will take some time.
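The following driver script is an added example and is not part of the
kexfuzz harness or of OpenSSH; it strings the count, dump, fuzz and
replace steps above into the "comprehensive run" the last paragraph
describes. Everything beyond the four kexfuzz invocations is assumed: the
KEXFUZZ, KEX_ALGS, HOSTKEYS and ITERS variables and their defaults (the
algorithm names are placeholders, substitute ones your build supports), the
zero-based packet index, the single-byte XOR mutation that stands in for
the dd-from-urandom step, and the rule that an exit status above 128
(death by signal) is what counts as a finding.

```shell
#!/bin/sh
# Added example (not part of the kexfuzz README): walk every packet in both
# directions for each KEX / hostkey pair using the count / dump / replace
# steps from the README. Assumptions: KEXFUZZ names the harness binary,
# KEX_ALGS and HOSTKEYS are placeholder lists, and packet indices are
# zero-based (the README's "-i 3" is the 4th packet).

KEXFUZZ="${KEXFUZZ:-./kexfuzz}"
KEX_ALGS="${KEX_ALGS:-diffie-hellman-group1-sha1 curve25519-sha256}"
HOSTKEYS="${HOSTKEYS:-host_ed25519_key}"
ITERS="${ITERS:-8}"          # mutations tried per recorded packet

# count_dir DIR TEXT: pull the packet count for DIR (S2C or C2S) out of
# the "S2C: 29 / C2S: 31" style text that "kexfuzz -c" prints.
count_dir() {
    printf '%s\n' "$2" | awk -v want="$1:" '$1 == want { print $2; exit }'
}

# flip_byte FILE OFFSET: XOR one byte of the recorded packet with 0xff in
# place. The length is unchanged, so the framing survives and the mutation
# lands in the payload the peer actually parses. This stands in for the
# README's "dd if=/dev/urandom" step, which replaces the whole file.
flip_byte() {
    file=$1; off=$2
    b=$(od -An -tu1 -j "$off" -N 1 "$file" | tr -d ' ')
    printf "\\$(printf '%03o' $(( b ^ 255 )))" |
        dd of="$file" bs=1 seek="$off" conv=notrunc 2>/dev/null
}

# fuzz_one KEX HOSTKEY DIR IDX: record packet IDX, then replay ITERS
# mutated copies of it. A plain non-zero exit usually just means the peer
# rejected the mutated packet; an exit status above 128 means the harness
# died on a signal, which is the case worth keeping (assumed criterion).
fuzz_one() {
    kex=$1; key=$2; dir=$3; idx=$4
    pkt="packet_${kex}_${dir}_${idx}"
    "$KEXFUZZ" -K "$kex" -k "$key" -d -D "$dir" -i "$idx" -f "$pkt" || return 1
    size=$(wc -c < "$pkt" | tr -d ' ')
    [ "$size" -gt 0 ] || return 0
    i=0
    while [ "$i" -lt "$ITERS" ]; do
        cp "$pkt" "$pkt.fuzz"
        # deterministic offsets so a finding can be reproduced exactly
        flip_byte "$pkt.fuzz" $(( (i * 7919) % size ))
        if "$KEXFUZZ" -K "$kex" -k "$key" -r -D "$dir" -i "$idx" \
                -f "$pkt.fuzz" >/dev/null 2>&1; then rc=0; else rc=$?; fi
        if [ "$rc" -gt 128 ]; then
            cp "$pkt.fuzz" "$pkt.crash.$i"
            echo "CRASH kex=$kex key=$key dir=$dir idx=$idx rc=$rc kept=$pkt.crash.$i"
        fi
        i=$((i + 1))
    done
}

# run_all: the "comprehensive KEX fuzz run" from the README.
run_all() {
    for kex in $KEX_ALGS; do
        for key in $HOSTKEYS; do
            counts=$("$KEXFUZZ" -K "$kex" -k "$key" -c) || continue
            for dir in S2C C2S; do
                n=$(count_dir "$dir" "$counts")
                idx=0
                while [ "$idx" -lt "${n:-0}" ]; do
                    fuzz_one "$kex" "$key" "$dir" "$idx"
                    idx=$((idx + 1))
                done
            done
        done
    done
}

# Only fuzz when invoked as "sh kexfuzz-all.sh run", so the helper
# functions can also be sourced and exercised on their own.
if [ "${1:-}" = run ]; then
    run_all
fi
```

Run it from the kexfuzz directory as `sh kexfuzz-all.sh run`. If the
harness is built with AddressSanitizer, set ASAN_OPTIONS=abort_on_error=1
first so that sanitizer reports end in SIGABRT and are picked up by the
exit-status check rather than exiting with status 1 like an ordinary
rejected packet.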