Esempio n. 1
0
    def _configure_session(self):
        target_config = ConfigurationManager.get_target()
        startup_command = ConfigurationManager.get_startup_command()

        ssl_context = None
        if self._protocol == 'ssl':
            ssl_context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
            ssl_context.check_hostname = False
            ssl_context.verify_mode = ssl.CERT_NONE

        recv_timeout = ConfigurationManager.get_receive_timeout()

        remote_connection = SocketConnection(target_config["hostname"],
                                             target_config["port"],
                                             proto=self._protocol,
                                             sslcontext=ssl_context,
                                             recv_timeout=recv_timeout)
        if startup_command:
            process_monitor = pedrpc.Client(target_config["hostname"], 26002)
            process_monitor_options = {"start_commands": [startup_command]}
            target = Target(connection=remote_connection,
                            procmon=process_monitor,
                            procmon_options=process_monitor_options)
        else:
            target = Target(connection=remote_connection)

        self._session = Session(
            target=target,
            fuzz_loggers=[self._text_logger, self._junit_logger],
            post_test_case_callbacks=[PostTestCaseCallback.post_test_callback],
            restart_sleep_time=0,
            keep_web_open=False,
            fuzz_db_keep_only_n_pass_cases=sys.maxsize,
            crash_threshold_element=10,
            crash_threshold_request=30)
Esempio n. 2
0
    def test_count_repeater(self):
        repeater = CountRepeater(count=5, sleep_time=self.SLEEP_TIME)
        connection = MockCountConnection()
        target = Target(connection, repeater=repeater)

        target.send(b"This is a test")

        self.assertEqual(repeater.count, connection.count)
        self.assertGreaterEqual(connection.second - connection.first,
                                self.SLEEP_TIME)
        with self.assertRaises(ValueError):
            CountRepeater(count=0)
Esempio n. 3
0
    def test_time_repeater(self):
        repeater = TimeRepeater(duration=0.05, sleep_time=self.SLEEP_TIME)
        connection = MockTimeConnection()
        target = Target(connection, repeater=repeater)

        target.send(b"This is a test")

        self.assertLessEqual(connection.last - connection.first,
                             repeater.duration)
        self.assertGreaterEqual(connection.second - connection.first,
                                self.SLEEP_TIME)
        with self.assertRaises(ValueError):
            TimeRepeater(duration=0)
Esempio n. 4
0
def initfuzz():
    fw = open(cur_dir() + "/test.log",'w')
    fuzz_loggers = [FuzzLoggerText(file_handle=fw)]
    session = Session(
        target=Target(
            connection=TCPSocketConnection("127.0.0.1", 9080, send_timeout=5.0, recv_timeout=5.0, server=False)
        ),
        fuzz_loggers=fuzz_loggers,
        keep_web_open=False,
    )
    return session
Esempio n. 5
0
def setup_session(protocol):
    arguments = setup_argparse(protocol)

    if arguments.debug:
        procmon = ProcessMonitor('127.0.0.1', arguments.dport)
        procmon.set_options(start_commands=[
            arguments.command.split(),
        ])
        if not arguments.command:
            raise ValueError(
                'Please specify command if debugger should be attached')
        try:
            if arguments.host and arguments.port:
                session = Session(target=Target(
                    connection=connections.UDPSocketConnection(
                        arguments.host, arguments.port)
                    if arguments.udp else connections.TCPSocketConnection(
                        arguments.host, arguments.port),
                    monitors=[procmon]), )
            else:
                session = Session(target=Target(
                    connection=connections.RawL2SocketConnection(
                        interface='lo', ethernet_proto=33024),
                    monitors=[procmon]), )
        except BoofuzzRpcError:
            raise ValueError(
                'Please start process monitor first if debugger shall be attached'
            )
    else:
        if arguments.host and arguments.port:
            session = Session(target=Target(
                connection=connections.
                UDPSocketConnection(arguments.host, arguments.port
                                    ) if arguments.udp else connections.
                TCPSocketConnection(arguments.host, arguments.port)))
        else:
            session = Session(target=Target(
                connection=connections.RawL2SocketConnection(
                    interface='lo', ethernet_proto=33024)))

    return session
Esempio n. 6
0
def get_banner(target: bf.Target, my_logger: bf.FuzzLoggerCsv, session: bf.Session, *args, **kwargs) -> None:
    """Get vulnserver banner for boofuzz callback"""
    banner_template = b"Welcome to Vulnerable Server! Enter HELP for help."
    try:
        banner = target.recv(1024)
    except:
        print("Unable to connect. Target is down. Exiting.")
        exit()

    my_logger.log_check("Receiving banner..")
    if banner_template in banner:
        my_logger.log_pass("banner received")
    else:
        my_logger.log_fail("No banner received")
        print("No banner received, exiting..")
        exit()
Esempio n. 7
0
    def test_foo_bar(self):
        session = Session(target=Target(connection=UDPSocketConnection(
            recv_timeout=1,
            host="172.26.87.144",
            port=6234,
            bind=("0.0.0.0", 12345),
        ), ),
                          keep_web_open=False)

        s_initialize("foo")
        s_group("version", values=["\x06"])

        session.connect(s_get("foo"))
        session.fuzz()

        self.open("http://localhost:26000")
        self.assert_text("boofuzz Fuzz Control", "div.main-title")
Esempio n. 8
0
    def test_no_response_causes_restart(self):
        """
        Given: A listening server which will give no response
          and: A Session ready to fuzz that server, including two messages in sequence
        When: Calling fuzz_single_case()
        Then: The restart_target method is called.
        """
        # Given
        server = MiniTestServer(host='localhost', stay_silent=True)
        server.bind()

        t = threading.Thread(target=server.serve_once)
        t.daemon = True
        t.start()

        session = Session(
            target=Target(
                connection=SocketConnection('localhost', server.active_port, proto='tcp'),
            ),
            fuzz_loggers=[],  # log to nothing
            check_data_received_each_request=True,
            keep_web_open=False,
        )
        session._restart_target = self._mock_restart_target()

        s_initialize("test-msg-a")
        s_string("test-str-value")
        s_static("\r\n")

        s_initialize("test-msg-b")
        s_string("test-str-value")
        s_static("\r\n")

        session.connect(s_get("test-msg-a"))
        session.connect(s_get("test-msg-a"), s_get("test-msg-b"))

        # When
        session.fuzz_single_case(s_get("test-msg-a").num_mutations() + 1)

        # Then
        t.join(THREAD_WAIT_TIMEOUT)
        self.assertFalse(t.isAlive())

        self.assertEqual(1, self.restarts)
Esempio n. 9
0
def main():
    arguments = setup_argparse()

    if arguments.original:
        data = get_original__pck(arguments.protocol)

    elif arguments.path:
        data = get_crashing_pck(arguments.path)

    else:
        print("You have to specify a path to the packet to be send or choose to send an original packet")
        sys.exit()

    if arguments.host and arguments.port:
        target = Target(
            connection=SocketConnection(arguments.host, arguments.port, proto='tcp'))
        session = Session(target=target, check_data_received_each_request=True, keep_web_open=False)
        target.open()
        target.send(data)
        target.close()
    else:
        sendp(data, iface="lo")
    def test_no_response_causes_restart(self):
        """
        Given: A listening server which will give no response
          and: A Session ready to fuzz that server
        When: Calling fuzz_single_case()
        Then: The restart_target method is called.
        """
        # Given
        server = MiniTestServer(host='localhost', stay_silent=True)
        server.bind()

        t = threading.Thread(target=server.serve_once)
        t.daemon = True
        t.start()

        session = Session(
            target=Target(
                connection=SocketConnection('localhost', server.active_port, proto='tcp'),
            ),
            fuzz_data_logger=FuzzLogger(fuzz_loggers=[]),  # log to nothing
        )
        session.restart_target = self._mock_restart_target()

        s_initialize("test-msg")
        s_string("test-str-value")
        s_static("\r\n")

        session.connect(s_get("test-msg"))

        # When
        session.fuzz_single_case(1)

        # Then
        t.join(THREAD_WAIT_TIMEOUT)
        self.assertFalse(t.isAlive())

        self.assertEqual(1, self.restarts)
Esempio n. 11
0
def main():
    session = Session(
            target=Target(connection=SocketConnection("192.168.0.101", 80, proto='tcp')),
            )

    s_initialize(name="Command")
    s_static("GET /vfolder.ghp HTTP/1.1\r\n")
    s_static("Host: 192.168.0.101\r\n")
    s_static("User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0\r\n")
    s_static("Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n")
    s_static("Accept-Language: en-US,en;q=0.5\r\n")
    s_static("Accept-Encoding: gzip, deflate\r\n")
    s_static("Referer: http://192.168.0.101/login.htm\r\n")
    s_static("Content-Type: application/x-www-form-urlencoded\r\n")
    s_static("Content-Length: 60\r\n")
    s_static("Cookie: UserID=")
    s_string("1")  # this is the part we fuzz
    s_static("\r\n")
    s_static("Cache-Control: max-age=0\r\n")
    s_static("\r\nConnection: close\r\n\r\n")

    session.connect(s_get("Command"))

    session.fuzz()
Esempio n. 12
0
from boofuzz import Session, Target, SocketConnection, s_initialize

session = Session(target=Target(
    connection=SocketConnection("127.0.0.1", 6021, proto='udp')))

s_initialize("INIT_CHLO")
Esempio n. 13
0
#!/usr/bin/env python3
# Designed for use with boofuzz v0.2.0

# Original author:
#
# pedram amini <*****@*****.**>
#
# this was a really half assed fuzz. someone should take it further, see my notes in the requests file for more info.
#

from boofuzz import Session, Target, s_get, TCPSocketConnection

# noinspection PyUnresolvedReferences
# pytype: disable=import-error
from request_definitions import trend  # noqa: F401

# pytype: enable=import-error

sess = Session(session_filename="audits/trend_server_protect_20901.session",
               sleep_time=0.25)
sess.add_target(Target(connection=TCPSocketConnection("127.0.0.1", 20901)))

sess.connect(s_get("20901"))
sess.fuzz()