Exemplo n.º 1
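def get_fuzzer(options=None):
    '''
    Build a local (non-remote) UmapFuzzer with its target, controller and model.

    :param options: optional dict of command-line style options that override
        the defaults below; ``None`` keeps the defaults untouched
    :return: the configured ClientFuzzer (this function does not start it)
    '''
    local_options = {
        '--kitty-options': None,
        '--stage-file': None,
        '--count': '2',
        '--disconnect-delays': '0.0,0.0'
    }
    # The signature advertises options=None, but dict.update(None) raises
    # TypeError, so only merge when the caller actually passed overrides.
    if options is not None:
        local_options.update(options)
    fuzzer = ClientFuzzer(name='UmapFuzzer', option_line=local_options['--kitty-options'])
    # NOTE(review): WebInterface() is created with the library's default host
    # and port; confirm the default bind address is loopback-only before
    # running this on a shared network.
    fuzzer.set_interface(WebInterface())

    target = ClientTarget(name='USBTarget')
    # get_controller/get_model are defined elsewhere in the file and receive
    # the merged option dict.
    target.set_controller(get_controller(local_options))
    target.set_mutation_server_timeout(10)

    model = get_model(local_options)
    fuzzer.set_model(model)
    fuzzer.set_target(target)
    return fuzzer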
Exemplo n.º 2
def main():
    '''
    Build the UmapFuzzer from the command line and expose it through an RPC server.

    Options are parsed by docopt from the module docstring. The fuzzer is not
    started here; it is handed to RpcServer as its implementation object.
    '''
    cli_args = docopt.docopt(__doc__)

    umap_fuzzer = ClientFuzzer(
        name='UmapFuzzer',
        option_line=cli_args['--kitty-options'],
    )
    umap_fuzzer.set_interface(WebInterface())

    usb_target = ClientTarget(name='USBTarget')
    usb_target.set_controller(get_controller(cli_args))
    usb_target.set_mutation_server_timeout(10)

    umap_fuzzer.set_model(get_model(cli_args))
    umap_fuzzer.set_target(usb_target)

    # The RPC endpoint is bound to localhost only. No credentials are passed
    # to RpcServer here, so any local process that can reach port 26007 can
    # presumably drive the fuzzer; keep the bind address on loopback.
    rpc_server = RpcServer(host='localhost', port=26007, impl=umap_fuzzer)
    rpc_server.start()
Exemplo n.º 3
def main():
    '''
    Run the in-process browser fuzzer example.

    Builds an HTML template whose <body> content is fuzzed, puts the browser
    under a process controller, starts the fuzzer and then handles HTTP
    requests in an endless loop. This function never returns.
    '''
    # The meta refresh sends the browser to "/" after 5 seconds; only the
    # body element is marked for fuzzing.
    head_element = XmlElement(
        name='head',
        element_name='head',
        content='<meta http-equiv="refresh" content="5; url=/">',
    )
    body_element = XmlElement(
        name='body',
        element_name='body',
        content='123',
        fuzz_content=True,
    )
    html_element = XmlElement(
        name='html',
        element_name='html',
        content=[head_element, body_element],
    )
    get_template = Template(name='GET /fuzzed', fields=[html_element])

    browser_fuzzer = ClientFuzzer(name='BrowserFuzzer')
    # NOTE(review): host='0.0.0.0' makes the web interface listen on every
    # network interface, and nothing in this function restricts who can reach
    # it. Bind to a loopback address, or firewall port 26000, if the UI is
    # only meant for the local operator.
    browser_fuzzer.set_interface(WebInterface(host='0.0.0.0', port=26000))

    browser_target = ClientTarget(name='BrowserTarget')

    # The browser is started on a separate X display (':2') so it does not
    # open on the operator's own X server. That display was created with:
    #   sudo apt-get install xvfb
    #   Xvfb :2 -screen 2 1280x1024x8
    browser_env = dict(os.environ, DISPLAY=':2')
    browser_controller = ClientProcessController(
        'BrowserController',
        '/usr/bin/opera',
        ['http://localhost:8082/fuzzed'],
        process_env=browser_env,
    )
    browser_target.set_controller(browser_controller)
    browser_target.set_mutation_server_timeout(20)

    graph = GraphModel()
    graph.connect(get_template)
    browser_fuzzer.set_model(graph)
    browser_fuzzer.set_target(browser_target)
    browser_fuzzer.set_delay_between_tests(0.1)

    # MyHttpServer/MyHttpHandler are defined elsewhere in the file; the server
    # listens on the same localhost:8082 address the browser is pointed at.
    http_server = MyHttpServer(('localhost', 8082), MyHttpHandler, browser_fuzzer)

    browser_fuzzer.start()

    # One request per iteration, forever.
    while True:
        http_server.handle_request()
Exemplo n.º 4
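def main():
    '''
    Run the remote browser fuzzer example.

    Builds an HTML template whose <body> content is fuzzed, configures the
    browser process controller, limits the run to the first half of the
    mutations and exposes the fuzzer through an RPC server on localhost:26007.
    '''
    test_name = 'GET fuzzed'
    # The meta refresh sends the browser to "/" after 5 seconds; only the
    # body element is marked for fuzzing.
    get_template = Template(name=test_name, fields=[
        XmlElement(name='html', element_name='html', content=[
            XmlElement(name='head', element_name='head', content='<meta http-equiv="refresh" content="5; url=/">'),
            XmlElement(name='body', element_name='body', content='123', fuzz_content=True),
        ])
    ])

    fuzzer = ClientFuzzer(name='Example 2 - Browser Fuzzer (Remote)')
    # NOTE(review): host='0.0.0.0' makes the web interface listen on every
    # network interface, and nothing in this function restricts who can reach
    # it. Bind to a loopback address, or firewall port 26000, if the UI is
    # only meant for the local operator.
    fuzzer.set_interface(WebInterface(host='0.0.0.0', port=26000))

    target = ClientTarget(name='BrowserTarget')

    #
    # Note: to avoid opening the process on our X server, we use another display for it
    # display ':2' that is specified below was started this way:
    # >> sudo apt-get install xvfb
    # >> Xvfb :2 -screen 2 1280x1024x8
    #
    env = os.environ.copy()
    env['DISPLAY'] = ':2'
    controller = ClientProcessController(
        'BrowserController',
        '/usr/bin/opera',
        ['http://localhost:8082/fuzzed'],
        process_env=env
    )
    target.set_controller(controller)
    target.set_mutation_server_timeout(20)

    model = GraphModel()
    model.connect(get_template)
    fuzzer.set_model(model)
    fuzzer.set_target(target)

    #
    # Only fuzz half of the mutations, just as an example.
    # Floor division keeps end_index an integer: with '/' Python 3 would pass
    # a float as the index, while Python 2 results are unchanged by '//'.
    fuzzer.set_range(end_index=model.num_mutations() // 2)
    fuzzer.set_delay_between_tests(0.1)

    # The RPC endpoint is bound to localhost only; no credentials are passed
    # to RpcServer here, so keep the bind address on loopback.
    remote = RpcServer(host='localhost', port=26007, impl=fuzzer)
    remote.start()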
Exemplo n.º 5
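def get_fuzzer(options=None):
    '''
    Build a local (non-remote) numap fuzzer with its target, controller and model.

    :param options: optional dict of command-line style options that override
        the defaults below; ``None`` keeps the defaults untouched
    :return: the configured ClientFuzzer (this function does not start it)
    '''
    local_options = {
        '--kitty-options': None,
        '--stage-file': None,
        '--count': '2',
        '--disconnect-delays': '0.0,0.0'
    }
    # The signature advertises options=None, but dict.update(None) raises
    # TypeError, so only merge when the caller actually passed overrides.
    if options is not None:
        local_options.update(options)
    fuzzer = ClientFuzzer(name='numap',
                          option_line=local_options['--kitty-options'])
    # NOTE(review): WebInterface() is created with the library's default host
    # and port; confirm the default bind address is loopback-only before
    # running this on a shared network.
    fuzzer.set_interface(WebInterface())

    target = ClientTarget(name='USBTarget')
    # get_controller/get_model are defined elsewhere in the file and receive
    # the merged option dict.
    target.set_controller(get_controller(local_options))
    target.set_mutation_server_timeout(10)

    model = get_model(local_options)
    fuzzer.set_model(model)
    fuzzer.set_target(target)
    return fuzzer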
Exemplo n.º 6
def main():
    '''
    Run the "Example 3" browser fuzzer.

    Assembles the fuzzed HTML template, the browser process controller and the
    graph model, starts the fuzzer, then handles HTTP requests in an endless
    loop. This function never returns.
    '''
    # The <head> carries a meta refresh to "/" after 5 seconds; only the
    # <body> content is marked for fuzzing.
    page_head = XmlElement(name='head', element_name='head',
                           content='<meta http-equiv="refresh" content="5; url=/">')
    page_body = XmlElement(name='body', element_name='body',
                           content='123', fuzz_content=True)
    page_root = XmlElement(name='html', element_name='html',
                           content=[page_head, page_body])
    get_template = Template(name='GET fuzzed', fields=[page_root])

    fuzzer = ClientFuzzer(name='Example 3 - Browser Fuzzer')
    # NOTE(review): host='0.0.0.0' makes the web interface listen on every
    # network interface, and nothing in this function restricts who can reach
    # it. Bind to a loopback address, or firewall port 26000, if the UI is
    # only meant for the local operator.
    web_ui = WebInterface(host='0.0.0.0', port=26000)
    fuzzer.set_interface(web_ui)

    target = ClientTarget(name='BrowserTarget')

    # The browser runs on X display ':2' instead of the operator's own X
    # server. That display was started this way:
    #   sudo apt-get install xvfb
    #   Xvfb :2 -screen 2 1280x1024x8
    child_env = os.environ.copy()
    child_env.update({'DISPLAY': ':2'})
    browser_args = ['http://localhost:8082/fuzzed']
    target.set_controller(
        ClientProcessController('BrowserController', '/usr/bin/opera',
                                browser_args, process_env=child_env))
    target.set_mutation_server_timeout(20)

    model = GraphModel()
    model.connect(get_template)
    fuzzer.set_model(model)
    fuzzer.set_target(target)
    fuzzer.set_delay_between_tests(0.1)

    # MyHttpServer/MyHttpHandler are defined elsewhere in the file; the server
    # listens on the same localhost:8082 address the browser is pointed at.
    listen_address = ('localhost', 8082)
    server = MyHttpServer(listen_address, MyHttpHandler, fuzzer)

    fuzzer.start()

    # Serve one request per iteration until the process is killed.
    while True:
        server.handle_request()
# Note: this is only the actual ASDU frame; the APCI (which together with the
# ASDU makes up the APDU) is not included.
# NOTE(review): the ASDU/APCI/APDU wording suggests IEC 60870-5-104 - confirm.
# The per-field meanings below are read off the field names and are hedged
# where the source does not state them.
get_ASDU = Template(name='get_ASDU', fields=[
    UInt8(value=0x2d, name='type'),  # type identification, 0x2d = 45 (presumably a single command - confirm)
    UInt8(value=0x01, name='num_of_obj'),  # one information object
    UInt8(value=0x07, name='COT'),  # cause of transmission = 7 (presumably activation confirmation - confirm)
    UInt8(value=0x00, name='org_addr'),  # originator address
    UInt16(value=0x0100, name='ASDU_field_addr'),  # ASDU address field; wire byte order depends on the UInt16 encoder default - confirm
    UInt8(value=0x88, name='obj addr1'),  # object address, first of three single-byte fields
    UInt8(value=0x13, name='obj addr2'),  # object address, second byte
    UInt8(value=0x00, name='obj addr3'),  # object address, third byte
    UInt8(value=0x01, name='__')  # purpose not stated in the source (presumably the object's value/qualifier byte - confirm)
    ])

################# Actual fuzzer code #################

# Target whose client process is started by a ClientProcessController.
target = ClientTarget(name='104Target')
# The controller runs the "./simple_client_fast" binary with one argument,
# the address "10.84.134.10".
# NOTE(review): the path is relative, so which binary runs presumably depends
# on the working directory the fuzzer is launched from - confirm. The address
# is hard-coded; verify it points at the intended lab host before running, or
# move it into configuration.
controller = ClientProcessController(
        "simple_client_single",
        "./simple_client_fast",
        ["10.84.134.10"]
    )
target.set_controller(controller)
target.set_mutation_server_timeout(20)
 

# Message graph: get_startdt is connected first on its own, then get_ASDU is
# connected after get_startdt. get_startdt is defined elsewhere in the file.
# The commented-out connect() calls are alternative edges left disabled.
model = GraphModel()
model.connect(get_startdt)
#model.connect(get_startdt, get_stopdt)
model.connect(get_startdt, get_ASDU)

#model.connect(get_startdt, get_testfr)