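def get_fuzzer(options=None):
    '''
    Get fuzzer (non-remote)

    Builds a ClientFuzzer named 'UmapFuzzer', attaches a WebInterface
    created with its default arguments, and wires in a ClientTarget whose
    controller comes from get_controller() and a model from get_model().
    Both helpers receive the merged option dictionary.

    :param options: mapping of option names to values that overrides the
        defaults below; None (the default) means "use the defaults only"
    :return: fuzzer
    '''
    local_options = {
        '--kitty-options': None,
        '--stage-file': None,
        '--count': '2',
        '--disconnect-delays': '0.0,0.0'
    }
    # dict.update(None) raises TypeError, so the advertised default of
    # options=None has to be skipped instead of merged.
    if options is not None:
        local_options.update(options)

    fuzzer = ClientFuzzer(name='UmapFuzzer', option_line=local_options['--kitty-options'])
    fuzzer.set_interface(WebInterface())

    target = ClientTarget(name='USBTarget')
    target.set_controller(get_controller(local_options))
    target.set_mutation_server_timeout(10)

    model = get_model(local_options)
    fuzzer.set_model(model)
    fuzzer.set_target(target)
    return fuzzer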
def main():
    '''
    Build the USB fuzzer from the command line and expose it over RPC.

    Options are parsed by docopt from the module docstring. The fuzzer is
    not started here; it is handed to an RpcServer as its implementation
    and the server is started instead.
    '''
    cli_options = docopt.docopt(__doc__)

    fuzzer = ClientFuzzer(
        name='UmapFuzzer',
        option_line=cli_options['--kitty-options'],
    )
    fuzzer.set_interface(WebInterface())

    usb_target = ClientTarget(name='USBTarget')
    usb_target.set_controller(get_controller(cli_options))
    usb_target.set_mutation_server_timeout(10)

    fuzzer.set_model(get_model(cli_options))
    fuzzer.set_target(usb_target)

    # The RPC endpoint is bound to localhost only.
    # NOTE(review): confirm whether RpcServer authenticates its callers
    # before this bind address is ever widened beyond loopback.
    rpc_server = RpcServer(host='localhost', port=26007, impl=fuzzer)
    rpc_server.start()
def main():
    '''
    Fuzz a browser by serving it mutated HTML from a local HTTP server.

    A single template describes an <html> document whose <body> content is
    fuzzed; the <head> carries a meta refresh so the browser keeps
    reloading. The browser process is launched by a ClientProcessController
    and pointed at the local HTTP server, which is then served forever.
    '''
    template_name = 'GET /fuzzed'
    head_element = XmlElement(
        name='head',
        element_name='head',
        content='<meta http-equiv="refresh" content="5; url=/">',
    )
    # Only the body content is marked for fuzzing.
    body_element = XmlElement(
        name='body',
        element_name='body',
        content='123',
        fuzz_content=True,
    )
    html_element = XmlElement(
        name='html',
        element_name='html',
        content=[head_element, body_element],
    )
    page_template = Template(name=template_name, fields=[html_element])

    fuzzer = ClientFuzzer(name='BrowserFuzzer')
    # The web interface listens on 0.0.0.0, i.e. on every network interface
    # of the host, while the HTTP server below stays on localhost.
    # NOTE(review): confirm whether WebInterface enforces any
    # authentication; if the UI is only viewed from this machine, a
    # loopback bind keeps it off the network.
    fuzzer.set_interface(WebInterface(host='0.0.0.0', port=26000))

    browser_target = ClientTarget(name='BrowserTarget')

    # The browser is kept off our own X server by running it on a separate
    # display. Display ':2' used below was started this way:
    #   >> sudo apt-get install xvfb
    #   >> Xvfb :2 -screen 2 1280x1024x8
    child_env = os.environ.copy()
    child_env['DISPLAY'] = ':2'
    browser_controller = ClientProcessController(
        'BrowserController',
        '/usr/bin/opera',
        ['http://localhost:8082/fuzzed'],
        process_env=child_env,
    )
    browser_target.set_controller(browser_controller)
    browser_target.set_mutation_server_timeout(20)

    graph = GraphModel()
    graph.connect(page_template)
    fuzzer.set_model(graph)
    fuzzer.set_target(browser_target)
    fuzzer.set_delay_between_tests(0.1)

    http_server = MyHttpServer(('localhost', 8082), MyHttpHandler, fuzzer)
    fuzzer.start()

    # Serve requests one at a time, forever.
    while True:
        http_server.handle_request()
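def main():
    '''
    Build the browser fuzzer, limit it to half of the mutations and expose
    it over RPC (remote mode).

    The template describes an <html> document whose <body> content is
    fuzzed. The fuzzer is not started here; it is handed to an RpcServer
    bound to localhost:26007 and the server is started instead.
    '''
    test_name = 'GET fuzzed'
    get_template = Template(name=test_name, fields=[
        XmlElement(name='html', element_name='html', content=[
            XmlElement(name='head', element_name='head',
                       content='<meta http-equiv="refresh" content="5; url=/">'),
            XmlElement(name='body', element_name='body', content='123', fuzz_content=True),
        ])
    ])

    fuzzer = ClientFuzzer(name='Example 2 - Browser Fuzzer (Remote)')
    # The web interface listens on 0.0.0.0, i.e. on every network interface
    # of the host, while the RPC server below stays on localhost.
    # NOTE(review): confirm whether WebInterface enforces any
    # authentication; if the UI is only viewed from this machine, a
    # loopback bind keeps it off the network.
    fuzzer.set_interface(WebInterface(host='0.0.0.0', port=26000))

    target = ClientTarget(name='BrowserTarget')

    #
    # Note: to avoid opening the process on our X server, we use another display for it
    # display ':2' that is specified below was started this way:
    # >> sudo apt-get install xvfb
    # >> Xvfb :2 -screen 2 1280x1024x8
    #
    env = os.environ.copy()
    env['DISPLAY'] = ':2'
    controller = ClientProcessController(
        'BrowserController',
        '/usr/bin/opera',
        ['http://localhost:8082/fuzzed'],
        process_env=env
    )
    target.set_controller(controller)
    target.set_mutation_server_timeout(20)

    model = GraphModel()
    model.connect(get_template)
    fuzzer.set_model(model)
    fuzzer.set_target(target)

    #
    # only fuzz the half of the mutations, just as an example
    # Floor division keeps end_index an integer; with true division
    # Python 3 would hand set_range() a float index.
    fuzzer.set_range(end_index=model.num_mutations() // 2)
    fuzzer.set_delay_between_tests(0.1)

    remote = RpcServer(host='localhost', port=26007, impl=fuzzer)
    remote.start()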
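def get_fuzzer(options=None):
    '''
    Get fuzzer (non-remote)

    Builds a ClientFuzzer named 'numap', attaches a WebInterface created
    with its default arguments, and wires in a ClientTarget whose
    controller comes from get_controller() and a model from get_model().
    Both helpers receive the merged option dictionary.

    :param options: mapping of option names to values that overrides the
        defaults below; None (the default) means "use the defaults only"
    :return: fuzzer
    '''
    local_options = {
        '--kitty-options': None,
        '--stage-file': None,
        '--count': '2',
        '--disconnect-delays': '0.0,0.0'
    }
    # dict.update(None) raises TypeError, so the advertised default of
    # options=None has to be skipped instead of merged.
    if options is not None:
        local_options.update(options)

    fuzzer = ClientFuzzer(name='numap', option_line=local_options['--kitty-options'])
    fuzzer.set_interface(WebInterface())

    target = ClientTarget(name='USBTarget')
    target.set_controller(get_controller(local_options))
    target.set_mutation_server_timeout(10)

    model = get_model(local_options)
    fuzzer.set_model(model)
    fuzzer.set_target(target)
    return fuzzer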
def main():
    '''
    Fuzz a browser by serving it mutated HTML from a local HTTP server.

    A single template describes an <html> document whose <body> content is
    fuzzed; the <head> carries a meta refresh so the browser keeps
    reloading. The browser process is launched by a ClientProcessController
    and pointed at the local HTTP server, which is then served forever.
    '''
    template_name = 'GET fuzzed'
    head_element = XmlElement(
        name='head',
        element_name='head',
        content='<meta http-equiv="refresh" content="5; url=/">',
    )
    # Only the body content is marked for fuzzing.
    body_element = XmlElement(
        name='body',
        element_name='body',
        content='123',
        fuzz_content=True,
    )
    html_element = XmlElement(
        name='html',
        element_name='html',
        content=[head_element, body_element],
    )
    page_template = Template(name=template_name, fields=[html_element])

    fuzzer = ClientFuzzer(name='Example 3 - Browser Fuzzer')
    # The web interface listens on 0.0.0.0, i.e. on every network interface
    # of the host, while the HTTP server below stays on localhost.
    # NOTE(review): confirm whether WebInterface enforces any
    # authentication; if the UI is only viewed from this machine, a
    # loopback bind keeps it off the network.
    fuzzer.set_interface(WebInterface(host='0.0.0.0', port=26000))

    browser_target = ClientTarget(name='BrowserTarget')

    # The browser is kept off our own X server by running it on a separate
    # display. Display ':2' used below was started this way:
    #   >> sudo apt-get install xvfb
    #   >> Xvfb :2 -screen 2 1280x1024x8
    child_env = os.environ.copy()
    child_env['DISPLAY'] = ':2'
    browser_controller = ClientProcessController(
        'BrowserController',
        '/usr/bin/opera',
        ['http://localhost:8082/fuzzed'],
        process_env=child_env,
    )
    browser_target.set_controller(browser_controller)
    browser_target.set_mutation_server_timeout(20)

    graph = GraphModel()
    graph.connect(page_template)
    fuzzer.set_model(graph)
    fuzzer.set_target(browser_target)
    fuzzer.set_delay_between_tests(0.1)

    http_server = MyHttpServer(('localhost', 8082), MyHttpHandler, fuzzer)
    fuzzer.start()

    # Serve requests one at a time, forever.
    while True:
        http_server.handle_request()
# Note: this template covers only the ASDU frame itself. The APCI (which
# together with the ASDU makes up the APDU) is not included.
# Each field is a fixed-width integer; the names are the author's labels.
get_ASDU = Template(
    name='get_ASDU',
    fields=[
        UInt8(name='type', value=0x2d),
        UInt8(name='num_of_obj', value=0x01),
        UInt8(name='COT', value=0x07),
        UInt8(name='org_addr', value=0x00),
        UInt16(name='ASDU_field_addr', value=0x0100),
        # Object address split over three single-byte fields.
        UInt8(name='obj addr1', value=0x88),
        UInt8(name='obj addr2', value=0x13),
        UInt8(name='obj addr3', value=0x00),
        # NOTE(review): unnamed trailing byte; presumably the payload of
        # the information object. Confirm against the protocol spec.
        UInt8(name='__', value=0x01),
    ],
)


################# Actual fuzzer code #################
target = ClientTarget(name='104Target')

# The client binary is started from the current working directory with a
# single argument, a hard-coded private (RFC 1918) address.
# NOTE(review): presumably the device under test. Consider reading it from
# configuration so the run cannot be pointed at the wrong host by accident.
controller = ClientProcessController(
    "simple_client_single",
    "./simple_client_fast",
    ["10.84.134.10"],
)
target.set_controller(controller)
target.set_mutation_server_timeout(20)

# Session graph: get_startdt is the root and get_ASDU follows it.
# The commented-out edges are alternative follow-ups left disabled.
model = GraphModel()
model.connect(get_startdt)
# model.connect(get_startdt, get_stopdt)
model.connect(get_startdt, get_ASDU)
# model.connect(get_startdt, get_testfr)