Пример #1
0
    def test_foo_bar(self):
        session = Session(target=Target(connection=UDPSocketConnection(
            recv_timeout=1,
            host="172.26.87.144",
            port=6234,
            bind=("0.0.0.0", 12345),
        ), ),
                          keep_web_open=False)

        s_initialize("foo")
        s_group("version", values=["\x06"])

        session.connect(s_get("foo"))
        session.fuzz()

        self.open("http://localhost:26000")
        self.assert_text("boofuzz Fuzz Control", "div.main-title")
Пример #2
0
def main():
    session = Session(
            target=Target(connection=SocketConnection("192.168.0.101", 80, proto='tcp')),
            )

    s_initialize(name="Command")
    s_static("GET /vfolder.ghp HTTP/1.1\r\n")
    s_static("Host: 192.168.0.101\r\n")
    s_static("User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0\r\n")
    s_static("Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n")
    s_static("Accept-Language: en-US,en;q=0.5\r\n")
    s_static("Accept-Encoding: gzip, deflate\r\n")
    s_static("Referer: http://192.168.0.101/login.htm\r\n")
    s_static("Content-Type: application/x-www-form-urlencoded\r\n")
    s_static("Content-Length: 60\r\n")
    s_static("Cookie: UserID=")
    s_string("1")  # this is the part we fuzz
    s_static("\r\n")
    s_static("Cache-Control: max-age=0\r\n")
    s_static("\r\nConnection: close\r\n\r\n")

    session.connect(s_get("Command"))

    session.fuzz()
Пример #3
0
#!/usr/bin/env python3
# Designed for use with boofuzz v0.2.0

# Original author:
#
# pedram amini <*****@*****.**>
#
# this was a really half assed fuzz. someone should take it further, see my notes in the requests file for more info.
#

from boofuzz import Session, Target, s_get, TCPSocketConnection

# noinspection PyUnresolvedReferences
# pytype: disable=import-error
from request_definitions import trend  # noqa: F401

# pytype: enable=import-error

sess = Session(session_filename="audits/trend_server_protect_20901.session",
               sleep_time=0.25)
sess.add_target(Target(connection=TCPSocketConnection("127.0.0.1", 20901)))

sess.connect(s_get("20901"))
sess.fuzz()
Пример #4
0
class Fuzzer:
    def __init__(self, endpoints, text_logger, junit_logger, protocol: str):
        self._endpoints = endpoints
        self._text_logger = text_logger
        self._junit_logger = junit_logger
        self._protocol = protocol
        self._session = None

        self._configure_session()

        self._remove_endpoints_by_keywords(
            ConfigurationManager.get_keywords_for_endpoints_skipping())

        if ConfigurationManager.is_http_fuzzing_allowed():
            self._generate_http_fuzzing()
        self._generate_uri_attributes_fuzzing()
        self._generate_request_body_fuzzing()
        self._generate_request_body_fuzzing(
            add_quotation_marks_into_non_string_primitives=True)

    def _configure_session(self):
        target_config = ConfigurationManager.get_target()
        startup_command = ConfigurationManager.get_startup_command()

        ssl_context = None
        if self._protocol == 'ssl':
            ssl_context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
            ssl_context.check_hostname = False
            ssl_context.verify_mode = ssl.CERT_NONE

        recv_timeout = ConfigurationManager.get_receive_timeout()

        remote_connection = SocketConnection(target_config["hostname"],
                                             target_config["port"],
                                             proto=self._protocol,
                                             sslcontext=ssl_context,
                                             recv_timeout=recv_timeout)
        if startup_command:
            process_monitor = pedrpc.Client(target_config["hostname"], 26002)
            process_monitor_options = {"start_commands": [startup_command]}
            target = Target(connection=remote_connection,
                            procmon=process_monitor,
                            procmon_options=process_monitor_options)
        else:
            target = Target(connection=remote_connection)

        self._session = Session(
            target=target,
            fuzz_loggers=[self._text_logger, self._junit_logger],
            post_test_case_callbacks=[PostTestCaseCallback.post_test_callback],
            restart_sleep_time=0,
            keep_web_open=False,
            fuzz_db_keep_only_n_pass_cases=sys.maxsize,
            crash_threshold_element=10,
            crash_threshold_request=30)

    def _generate_http_fuzzing(self):
        self._session.connect(s_get(generate_http_fuzzed_blocks()))

    def _generate_uri_attributes_fuzzing(self):
        for endpoint in self._endpoints:
            for request in endpoint["Requests"]:
                request_name = generate_url_attributes_fuzzed_blocks(
                    endpoint, request)
                self._session.connect(s_get(request_name))

    def _generate_request_body_fuzzing(
            self, add_quotation_marks_into_non_string_primitives=False):
        for endpoint in self._endpoints:
            for request in endpoint["Requests"]:
                request_name = generate_body_fuzzed_blocks(
                    endpoint, request,
                    add_quotation_marks_into_non_string_primitives)
                self._session.connect(s_get(request_name))

    def _remove_endpoints_by_keywords(self, keywords: List[str]):
        for keyword in keywords:
            self._endpoints[:] = [
                endpoint for endpoint in self._endpoints
                if keyword not in endpoint.get('Uri')
            ]

    def fuzz(self):
        report_progress(self._session, self._junit_logger)
        self._session.fuzz()

    def was_there_any_failure(self):
        return self._junit_logger.was_there_any_failure