    def _get_input_filename(self):
        """
        Return the filename of the next queue entry to mutate.

        The entry is taken from the module-level ``mutationQueue`` and
        parked in ``processedQueue`` so that it is revisited once every
        other entry has had its turn.  When ``mutationQueue`` reports
        empty, everything in ``processedQueue`` is moved back first, so
        the corpus is cycled round-robin rather than consumed.

        NOTE(review): ``empty()`` is only a snapshot; if these queues are
        shared between threads/processes the refill check is not atomic
        and ``get()`` will presumably block when both queues are empty --
        confirm against the queue type actually used.
        """
        needs_refill = mutationQueue.empty()

        # Recycle processed entries back into the mutation queue so the
        # corpus keeps cycling instead of running dry.
        while needs_refill and not processedQueue.empty():
            mutationQueue.put(processedQueue.get())

        entry = mutationQueue.get()
        processedQueue.put(entry)

        return entry.filename
    def _get_input_filename(self):
        """
        Pop the next corpus entry and return its filename.

        Entries cycle between two module-level queues: each call takes
        one element from ``mutationQueue`` and appends it to
        ``processedQueue``.  If ``mutationQueue`` is empty at entry, the
        processed entries are first moved back so the round starts over.

        NOTE(review): ``empty()`` followed by ``get()`` is not an atomic
        check-and-take; with concurrent consumers ``get()`` may block
        here -- verify the queue type's blocking semantics.
        """
        if mutationQueue.empty():
            self._refill_mutation_queue()

        current = mutationQueue.get()
        processedQueue.put(current)
        return current.filename

    @staticmethod
    def _refill_mutation_queue():
        """Move every element of ``processedQueue`` back into ``mutationQueue``."""
        while not processedQueue.empty():
            mutationQueue.put(processedQueue.get())
def fuzzing_loop():
    """
    Main fuzzing loop.

    Seeds ``mutationQueue`` with every sample file found in the file
    generator's ``mutations_dir``, then runs indefinitely: write one
    mutated test case, execute it under the Pin tool, and classify the
    returned coverage bitmap.

    Classification of ``is_interesting_input()``'s result:
      * falsy -> the test case is deleted;
      * 1 / 2 -> the file is re-queued as a new mutation parent, tagged
        with the classification value;
      * 3     -> treated as a crash: logged and handed to
        ``analyze_crash`` (the file is neither re-queued nor deleted
        here);
      * anything else -> ignored.

    Relies on the module-level ``mutationQueue``, ``ml`` logger,
    ``DEBUG``, ``myConfig`` and helper functions.  Never returns.
    """
    filegen = myFileGenerator(debug=DEBUG)

    ml.info("[*] Initializing queue...")

    # Seed the queue with the unmodified sample files (tag 0, no bitmap).
    test_id = 0
    for sample in fileops.get_all_filenames(filegen.mutations_dir):
        mutationQueue.put(FileToMutate(0, sample, test_id, None))
        test_id += 1

    ml.info("[*] Queue initialized with %d files" % test_id)
    ml.info("[*] Starting fuzzing process...")

    while True:
        # Each iteration gets a fresh id, even if no test case is written.
        test_id += 1

        # Generates the mutation and writes the current test file; a
        # falsy return means nothing was produced this round.
        candidate = filegen.write_test_case()
        if not candidate:
            continue

        # Per the original author: the underlying subprocess call blocks
        # until the instrumented process exits, crashes, or the
        # PinTool-side timeout expires.
        bitmap = run_under_pin(candidate)
        verdict = is_interesting_input(bitmap)

        if not verdict:
            # Nothing new learned from this mutation; drop it.
            filegen.delete_current_test_case()

        elif verdict == 1:
            # New execution path.
            mutationQueue.put(FileToMutate(1, candidate, test_id, bitmap))

        elif verdict == 2:
            # Hit count moved to another bin.
            mutationQueue.put(FileToMutate(2, candidate, test_id, bitmap))

        elif verdict == 3:
            ml.info('**** CRASH ****' * 4)
            ml.info(candidate)

            # Command is built as an argv list (target binary, input file),
            # so the filename is not subject to shell interpretation --
            # assuming analyze_crash does not run it with shell=True.
            crash_cmd = [myConfig.cfg.get('target_info', 'filename'), candidate]
            # Analyzes the crash and keeps it if deemed interesting.
            analyze_crash(crash_cmd)
def fuzzing_loop():
    """
    Run the fuzzer until interrupted.

    Phase 1 seeds ``mutationQueue`` with the sample files under the
    generator's ``mutations_dir`` (tag 0, no bitmap).  Phase 2 loops
    forever: produce a mutated test case, run it under Pin, and act on
    the value returned by ``is_interesting_input()``:

      falsy  -- delete the current test case
      1, 2   -- re-queue the file as a mutation parent with that tag
      3      -- log as a crash and pass ``[target, file]`` to
                ``analyze_crash``; the file is left in place
      other  -- no action

    Uses module-level ``mutationQueue``, ``ml``, ``DEBUG``, ``cfg`` and
    the helper functions; does not return.
    """
    generator = myFileGenerator(debug=DEBUG)

    ml.info("[*] Initializing queue...")

    next_id = _seed_mutation_queue(generator)

    ml.info("[*] Queue initialized with %d files" % next_id)
    ml.info("[*] Starting fuzzing process...")

    while True:
        next_id += 1

        # Writes the current mutated test file and returns its name;
        # skip the round when nothing was written.
        mutated = generator.write_test_case()
        if not mutated:
            continue

        # Original author's note: the subprocess call inside blocks until
        # the instrumented process exits or crashes, or the PinTool
        # timeout fires.
        coverage = run_under_pin(mutated)
        kind = is_interesting_input(coverage)

        if not kind:
            # Uninteresting mutation; discard it.
            generator.delete_current_test_case()
        elif kind == 1:
            # Whole new path discovered.
            mutationQueue.put(FileToMutate(1, mutated, next_id, coverage))
        elif kind == 2:
            # Hit count landed in a different bin.
            mutationQueue.put(FileToMutate(2, mutated, next_id, coverage))
        elif kind == 3:
            ml.info('**** CRASH ****' * 4)
            ml.info(mutated)

            # argv-style list: the mutated filename is passed as a single
            # argument, not interpolated into a shell string (assumes
            # analyze_crash keeps it that way).
            target_cmd = [cfg.get('target_info', 'filename'), mutated]
            # Analyze the crash (and save it, if determined interesting).
            analyze_crash(target_cmd)


def _seed_mutation_queue(generator):
    """
    Enqueue every sample under ``generator.mutations_dir`` as a tag-0
    entry with a sequential id and no bitmap; return the number queued.
    """
    count = 0
    for sample in fileops.get_all_filenames(generator.mutations_dir):
        mutationQueue.put(FileToMutate(0, sample, count, None))
        count += 1
    return count