Пример #1
 def __perform_rq_dict(self, payload_array, metadata):
     """Brute-force Redqueen dictionary values into a small payload.

     Each value from ``havoc.get_redqueen_dict()`` that has not yet been
     recorded for its address is applied with ``havoc.dict_insert_sequence``
     and then ``havoc.dict_replace_sequence`` at successive offsets. Every
     mutated payload is passed to ``self.execute`` with label "rq_dict".

     The stage bounds its own cost in two ways: payloads with 256 or more
     elements are skipped entirely, and an address receives no further
     values once more than 32 have been recorded for it.

     ``metadata`` is accepted but not used in this method.
     """
     rq_dict = havoc.get_redqueen_dict()
     iterations = 0
     # The seen-map comes from havoc, not from self; presumably it is shared
     # with other stages so the same value is not retried -- confirm in havoc.
     tried_by_addr = havoc.get_redqueen_seen_addr_to_value()

     if len(payload_array) < 256:
         for addr in rq_dict:
             for repl in rq_dict[addr]:
                 if addr in tried_by_addr:
                     tried = tried_by_addr[addr]
                     # Skip duplicates, and cap the values kept per address.
                     if len(tried) > 32 or repl in tried:
                         continue
                 else:
                     tried_by_addr[addr] = set()
                 # Recorded before execution, so a value counts as tried even
                 # if one of the runs below raises.
                 tried_by_addr[addr].add(repl)
                 log_redq("Attempting %s " % repr(repl))

                 mutators = (havoc.dict_insert_sequence,
                             havoc.dict_replace_sequence)
                 for mutate in mutators:
                     # NOTE(review): the range stops one short of the offset
                     # at which repl would end exactly at the payload's end,
                     # and is empty when repl is at least as long as the
                     # payload -- confirm this is intended.
                     for offset in range(len(payload_array) - len(repl)):
                         iterations += 1
                         candidate = mutate(payload_array, repl, offset)
                         self.execute(candidate, label="rq_dict")

     log_redq("RQ-Dict: Have performed %d iters" % iterations)
Пример #2
 def __perform_dict(self, payload_array, payload):
     """Run the "DICT-BF" stage: try Redqueen dictionary values at every offset.

     Sets ``self.kafl_state["technique"]`` to "DICT-BF", logs the payload and
     the dictionary, then for each not-yet-recorded value of each address
     applies ``havoc.apply_dict_to_data`` at every index of ``payload_array``
     and hands the serialized result to ``self.__dict_bf_handler``.

     Payloads with 256 or more elements are skipped, and an address receives
     no further values once more than 32 have been recorded for it in
     ``self.seen_addr_to_value``. The stage always ends by calling
     ``self.__buffered_handler(None, last_payload=True)``.

     ``payload`` is accepted but not used in this method.
     """
     self.kafl_state["technique"] = "DICT-BF"
     # NOTE(review): tostring() is the legacy spelling of tobytes() on
     # array-like buffers -- confirm the type of payload_array before porting.
     log_master("Dict on %s" % repr(payload_array.tostring()))
     rq_dict = havoc.get_redqueen_dict()
     log_redq("using %s" % repr(rq_dict))
     iterations = 0

     if len(payload_array) < 256:
         for addr in rq_dict:
             for repl in rq_dict[addr]:
                 # Re-read the attribute on every pass: the handler called
                 # below runs arbitrary instance code between passes.
                 tried_by_addr = self.seen_addr_to_value
                 if addr in tried_by_addr:
                     tried = tried_by_addr[addr]
                     # Skip duplicates, and cap the values kept per address.
                     if len(tried) > 32 or repl in tried:
                         continue
                 else:
                     tried_by_addr[addr] = set()
                 tried_by_addr[addr].add(repl)

                 for offset in range(len(payload_array)):
                     iterations += 1
                     patched = havoc.apply_dict_to_data(
                         payload_array, repl, offset)
                     self.__dict_bf_handler(patched.tostring())

     log_redq("have performed %d iters" % iterations)
     # Presumably flushes whatever the handler buffered -- confirm in
     # __buffered_handler.
     self.__buffered_handler(None, last_payload=True)
Пример #3
 def __perform_dict(self, payload_array, metadata):
     """Try Redqueen dictionary values at every offset of a small payload.

     For each value of each address in ``havoc.get_redqueen_dict()`` that has
     not yet been recorded, ``havoc.apply_dict_to_data`` is applied at every
     index of ``payload_array``. The serialized result is executed via
     ``self.execute`` together with an info dict naming the method
     ("redqueen-dict") and the parent id taken from ``metadata["id"]``.

     Payloads with 256 or more elements are skipped, and an address receives
     no further values once more than 32 have been recorded for it.
     """
     # Built first, as in the original, so a metadata dict without "id"
     # raises KeyError before any havoc call is made.
     default_info = {"method": "redqueen-dict", "parent": metadata["id"]}
     rq_dict = havoc.get_redqueen_dict()
     iterations = 0
     # The seen-map comes from havoc, not from self; presumably it is shared
     # with other stages so the same value is not retried -- confirm in havoc.
     tried_by_addr = havoc.get_redqueen_seen_addr_to_value()

     if len(payload_array) < 256:
         for addr in rq_dict:
             for repl in rq_dict[addr]:
                 if addr in tried_by_addr:
                     tried = tried_by_addr[addr]
                     # Skip duplicates, and cap the values kept per address.
                     if len(tried) > 32 or repl in tried:
                         continue
                 else:
                     tried_by_addr[addr] = set()
                 tried_by_addr[addr].add(repl)

                 for offset in range(len(payload_array)):
                     iterations += 1
                     patched = havoc.apply_dict_to_data(
                         payload_array, repl, offset)
                     # The same info dict object is passed on every call.
                     # NOTE(review): tostring() is the legacy spelling of
                     # tobytes() -- confirm the type of payload_array.
                     self.execute(patched.tostring(), default_info)