def doIntercept(config, interceptorPort, targetPort): localHost = "0.0.0.0" targetHost = "localhost" config["baseport"] = targetPort # run the targetserver, as configured in config serverManager = simpleservermanager.SimpleServerManager( config, 0, targetPort) isStarted = serverManager.start() if not isStarted: print("Could not start server, check its output") return # test connection networkManager = networkmanager.NetworkManager(config, targetPort) if not networkManager.debugServerConnection(): return # start mitm server if config["ipproto"] is "tcp": performTcpIntercept(config, localHost, interceptorPort, targetHost, targetPort) else: performUdpIntercept(config, localHost, interceptorPort, targetHost, targetPort)
def _verify(self, crashData, serverManager): # start the server in the background self.networkManager = networkmanager.NetworkManager( self.config, self.config["target_port"]) self.startChild(serverManager) # wait for ok (pid) from child that the server has started data = self.queue_sync.get() serverPid = data[1] self.serverPid = serverPid logging.info("Verifier: Server pid: " + str(serverPid)) res = self.networkManager.debugServerConnection() if not res: logging.error("Could not connect") return None logging.info("Verifier: Sending fuzzed messages") self.networkManager.sendMessages(crashData.corpusData.networkData) # get crash result data from child # or empty if server did not crash # serverCrashData is type verifier:ServerCrashData try: logging.info("Verifier: Wait for crash data") (t, serverCrashData) = self.queue_sync.get( True, sleeptimes["max_server_run_time"]) serverStdout = self.queue_out.get() # it may be that the debugServer detects a process exit # (e.g. port already used), and therefore sends an # empty result. has to be handled. if serverCrashData: logging.info("Verifier: I've got a crash") print("Verifier: crash verified: %s: %s " % (crashData.filename, serverCrashData.faultAddress)) serverCrashData.setProcessStdout(serverStdout) else: logging.error("Verifier: Some server error:") logging.error("Verifier: Output: " + serverStdout) return serverCrashData except Queue.Empty: logging.info("Verifier: no crash on: %s" % (crashData.filename)) print("Verifier: no crash on: %s" % (crashData.filename)) self.stopChild() return None return None
def _verify(self, outcome, targetPort, debugServerManager): # start server in background # TODO move this to verifyOutDir (more efficient?) self.networkManager = networkmanager.NetworkManager( self.config, targetPort) self.startChild(debugServerManager) # wait for ok (pid) from child that the server has started data = self.queue_sync.get() serverPid = data[1] self.serverPid = serverPid logging.info("Verifier: Server pid: " + str(serverPid)) logging.info("Verifier: Server Port: " + str(targetPort)) res = self.networkManager.debugServerConnection() if not res: return None logging.info("Verifier: Sending fuzzed messages") self.networkManager.sendMessages(outcome["fuzzIterData"]["fuzzedData"]) # get crash result data from child # or empty if server did not crash try: logging.info("Verifier: Wait for crash data") (t, crashData) = self.queue_sync.get( True, sleeptimes["max_server_run_time"]) serverStdout = self.queue_out.get() # it may be that the debugServer detects a process exit # (e.g. port already used), and therefore sends an # empty result. has to be handled. if crashData: logging.info("Verifier: I've got a crash: ") crashData.setProcessStdout(serverStdout) else: logging.error("Verifier: Some server error:") logging.error("Verifier: Output: " + serverStdout) return crashData except Queue.Empty: self._handleNoCrash() self.stopChild() return None return None
def realDoActualFuzz(self): """ The main fuzzing loop. all magic is performed here sends results via queue to the parent Only called once, by the fuzzingmaster """ if "DebugWithFile" in self.config: utils.setupSlaveLoggingWithFile(self.threadId) random.seed(self.initialSeed) logging.info("Setup fuzzing..") signal.signal(signal.SIGINT, signal_handler) if 'use_netnamespace' in self.config and self.config[ 'use_netnamespace']: targetPort = self.config["target_port"] else: targetPort = self.config["target_port"] + self.threadId self.corpusManager = CorpusManager(self.config) self.corpusManager.loadCorpusFiles() if self.corpusManager.getCorpusCount() == 0: logging.error("No corpus input data found in: " + self.config['input_dir']) return mutatorInterface = MutatorInterface(self.config, self.threadId) self.serverManager = ServerManager(self.config, self.threadId, targetPort) self.networkManager = networkmanager.NetworkManager( self.config, targetPort) self.iterStats = { "count": 0, # number of iterations "crashCount": 0, # number of crashes, absolute "startTime": time.time(), "lastUpdateTime": time.time(), } sendDataResult = None previousCorpusData = None # If we do not manage the server by ourselfs, disable it if 'disableServer' in self.config and self.config['disableServer']: self.serverManager.dis() else: self.serverManager.start() if not self.networkManager.waitForServerReadyness(): logging.error("Error: Could not connect to server.") # TODO: better error, because server could not be started. stdout? return print(str(self.threadId) + " Start fuzzing...") self.queue.put((self.threadId, 0, 0, 0)) corpusData = None while True: self.updateStats() logging.debug("\n\n") logging.debug("A fuzzing loop...") if self.config["debug"]: # lets sleep a bit time.sleep(0.5) selectedCorpusData = self.corpusManager.getRandomCorpus() # save this iteration data for future crashes # we do this at the start, not at the end, so we have to # only write it once previousCorpusData = corpusData corpusData = None # previous fuzz generated a crash if not self.networkManager.openConnection(): if previousCorpusData is None: logging.warn( "Detected crash, but we didnt yet send any bad data?!") continue self._handleCrash(previousCorpusData, 'A') continue corpusData = mutatorInterface.fuzz(selectedCorpusData) sendDataResult = self.networkManager.sendPartialPreData( corpusData.networkData) if not sendDataResult: logging.info(" B Could not send, possible crash? (predata)") if self.networkManager.testServerConnection(): logging.info(" B Broken connection... continue") self.networkManager.closeConnection() continue else: # TODO really previousCorpusData? i think so self._handleCrash(previousCorpusData, 'B') self.networkManager.closeConnection() self.serverManager.restart() continue sendDataResult = self.networkManager.sendPartialPostData( corpusData.networkData) if not sendDataResult: logging.info(" C Could not send, possible crash? (postdata)") if self.networkManager.testServerConnection(): logging.info("C Broken connection... continue") self.networkManager.closeConnection() continue else: self._handleCrash(corpusData, 'C') self.networkManager.closeConnection() continue # restart server periodically if (self.iterStats["count"] > 0 and self.iterStats["count"] % self.config["restart_server_every"] == 0): if not self.networkManager.testServerConnection(): self._handleCrash(corpusData, 'D') self.networkManager.closeConnection() logging.info("Restart server periodically: " + str(self.iterStats["count"])) self.serverManager.restart() if not self.networkManager.testServerConnection(): logging.error( "Error: Could not connect to server after restart. abort." ) return if self.iterStats[ 'count'] > 0 and self.iterStats['count'] % 300 == 0: self.networkManager.tuneTimeouts( self.corpusManager.getMaxLatency()) # all done, terminate server self.serverManager.stopServer()
def doActualFuzz(self): """ The main fuzzing loop. all magic is performed here sends results via queue to the parent Only called once, by the fuzzingmaster """ global GLOBAL_SLEEP if "DebugWithFile" in self.config: utils.setupSlaveLoggingWithFile(self.threadId) random.seed(self.initialSeed) logging.info("Setup fuzzing..") signal.signal(signal.SIGINT, signal_handler) targetPort = self.config["baseport"] + self.threadId serverManager = simpleservermanager.SimpleServerManager( self.config, self.threadId, targetPort) networkManager = networkmanager.NetworkManager(self.config, targetPort) iterStats = { "count": 0, # number of iterations "crashCount": 0, # number of crashes, absolute "startTime": time.time(), "lastUpdateTime": time.time(), } sendDataResult = None previousFuzzingIterationData = None # start server, or not if 'disableServer' in self.config and self.config['disableServer']: serverManager.dis() serverManager.start() if not networkManager.waitForServerReadyness(): logging.error("Error: Could not connect to server.") # TODO: better error, because server could not be started. stdout? return print(str(self.threadId) + " Start fuzzing...") self.queue.put((self.threadId, 0, 0, 0)) fuzzingIterationData = None while True: self.updateStats(iterStats) logging.debug("\n\n") logging.debug("A fuzzing loop...") if self.config["debug"]: # lets sleep a bit time.sleep(0.5) selectedInput = self.getRandomInput() # save this iteration data for future crashes # we do this at the start, not at the end, so we have to # only write it once previousFuzzingIterationData = fuzzingIterationData fuzzingIterationData = None # previous fuzz generated a crash if not networkManager.openConnection(): logging.info("Detected Crash (A)") iterStats["crashCount"] += 1 srvCrashData = serverManager.getCrashData() crashData = FuzzingCrashData(srvCrashData) crashData.setFuzzerPos("A") self.exportFuzzResult(crashData, previousFuzzingIterationData) serverManager.restart() continue fuzzingIterationData = fuzzingiterationdata.FuzzingIterationData( self.config, selectedInput) if not fuzzingIterationData.fuzzData(): logging.error("Could not fuzz the data") return sendDataResult = self.sendPreData(networkManager, fuzzingIterationData) if not sendDataResult: logging.info(" B Could not send, possible crash? (predata)") if networkManager.testServerConnection(): logging.info(" B Broken connection... continue") networkManager.closeConnection() continue else: logging.info("Detected Crash (B)") iterStats["crashCount"] += 1 srvCrashData = serverManager.getCrashData() crashData = FuzzingCrashData(srvCrashData) crashData.setFuzzerPos("B") # TODO really previousFuzzingIterationData? i think so self.exportFuzzResult(crashData, previousFuzzingIterationData) networkManager.closeConnection() serverManager.restart() continue sendDataResult = self.sendData(networkManager, fuzzingIterationData) if not sendDataResult: logging.info(" C Could not send, possible crash? (postdata)") if networkManager.testServerConnection(): logging.info("C Broken connection... continue") networkManager.closeConnection() continue else: logging.info("Detected Crash (C)") iterStats["crashCount"] += 1 srvCrashData = serverManager.getCrashData() crashData = FuzzingCrashData(srvCrashData) crashData.setFuzzerPos("C") self.exportFuzzResult(crashData, fuzzingIterationData) networkManager.closeConnection() serverManager.restart() continue # restart server periodically if iterStats["count"] > 0 and iterStats["count"] % self.config[ "restart_server_every"] == 0: if not networkManager.testServerConnection(): logging.info("Detected Crash (D)") iterStats["crashCount"] += 1 srvCrashData = serverManager.getCrashData() crashData = FuzzingCrashData(srvCrashData) crashData.setFuzzerPos("D") self.exportFuzzResult(crashData, fuzzingIterationData) networkManager.closeConnection() logging.info("Restart server periodically: " + str(iterStats["count"])) serverManager.restart() if not networkManager.testServerConnection(): logging.error( "Error: Could not connect to server after restart. abort." ) return # all done, terminate server serverManager.stopServer()
def realDoActualFuzz(self): #logging.basicConfig(level=logging.DEBUG) if "debug" in self.config and self.config["debug"]: self.config["processes"] = 1 if "DebugWithFile" in self.config and self.config["DebugWithFile"]: utils.setupSlaveLoggingWithFile(self.threadId) if 'use_netnamespace' in self.config and self.config[ 'use_netnamespace']: targetPort = self.config["target_port"] else: targetPort = self.config["target_port"] + self.threadId self.targetPort = targetPort logging.info("Setup fuzzing..") random.seed(self.initialSeed) signal.signal(signal.SIGINT, signal_handler) mutatorInterface = MutatorInterface(self.config, self.threadId) self.networkManager = networkmanager.NetworkManager( self.config, targetPort) self.corpusManager = HonggCorpusManager(self.config) self.corpusManager.loadCorpusFiles() if self.corpusManager.getCorpusCount() == 0: logging.error("No corpus input data found in: " + self.config['input_dir']) return # watch for new files / corpus self.corpusManager.startWatch() # start honggfuzz with target binary honggfuzzArgs = self._prepareHonggfuzzArgs() serverManager = ServerManager(self.config, self.threadId, targetPort, honggfuzzArgs, True) serverManager.start() # connect to honggfuzz honggComm = honggcomm.HonggComm() if honggComm.openSocket(serverManager.process.pid): print(" connected to honggfuzz!") logging.info("Honggfuzz connection successful") else: logging.error("Could not connect to honggfuzz socket.") return # test connection first if not self.networkManager.debugServerConnection(): logging.error("Bootstrap: Could not connect to server.") return # warmup # Send all initial corpus once and ignore new BB commands so we # dont add it again. # Note that at the end, there may be still commands in the socket # queue which we need to ignore on the fuzzing loop. initialCorpusIter = iter(self.corpusManager) print("Performing warmup. This can take some time.") while True: logging.debug("A warmup loop...") try: # this generates errors because multiple processes # try to write to stdout # sys.stdout.write('.') # sys.stdout.flush() initialCorpusData = initialCorpusIter.next() except StopIteration: break honggData = honggComm.readSocket() if honggData == "Fuzz": logging.debug(" Warmup Fuzz: Sending: " + str(initialCorpusData.filename)) self._connectAndSendData(initialCorpusData) honggComm.writeSocket("okay") else: # We dont really care what the fuzzer sends us # BUT it should be always "New!" # It should never be "Cras" if honggData == "New!": logging.debug( " Warmup: Honggfuzz answered correctly, received: " + honggData) else: logging.warn( " Warumup: Honggfuzz answered wrong, it should be New! but is: " + honggData) # the actual fuzzing logging.debug("Warmup finished.") logging.info("Performing fuzzing") honggCorpusData = None # Just assume target is alive, because of the warmup phase # this var is needed mainly to not create false-positives, e.g. # if the target is for some reason unstartable, it would be detected # as crash haveCheckedTargetIsAlive = True while True: logging.debug("A fuzzing loop...") self._uploadStats() self.corpusManager.checkForNewFiles() honggData = None try: honggData = honggComm.readSocket() except Exception as e: logging.error("Could not read from honggfuzz socket: " + str(e)) logging.error("Honggfuzz server crashed? Killed?") return # honggfuzz says: Send fuzz data via network if honggData == "Fuzz": couldSend = False # are we really sure that the target is alive? If not, check if not haveCheckedTargetIsAlive: if not self.networkManager.waitForServerReadyness(): logging.error( "Wanted to fuzz, but targets seems down. Force honggfuzz to restart it." ) try: honggComm.writeSocket("bad!") except Exception as e: logging.error("Honggfuzz server crashed? Killed?") return self.iterStats["hangCount"] += 1 else: haveCheckedTargetIsAlive = True # check first if we have new corpus from other threads # if yes: send it. We'll ignore New!/Cras msgs by setting: # honggCorpusData = None if self.corpusManager.hasNewExternalCorpus(): honggCorpusData = None # ignore results corpus = self.corpusManager.getNewExternalCorpus() corpus.processed = True couldSend = self._connectAndSendData(corpus) # just randomly select a corpus, fuzz it, send it # honggfuzz will tell us what to do next else: self.iterStats["iterCount"] += 1 corpus = self.corpusManager.getRandomCorpus() honggCorpusData = mutatorInterface.fuzz(corpus) couldSend = self._connectAndSendData(honggCorpusData) if couldSend: # Notify honggfuzz that we are finished sending the fuzzed data try: honggComm.writeSocket("okay") except Exception as e: logging.error("Honggfuzz server crashed? Killed?") return # the correct way is to send SIGIO signal to honggfuzz # https://github.com/google/honggfuzz/issues/200 os.kill(serverManager.process.pid, signal.SIGIO) else: # target seems to be down. Have honggfuzz restart it # and hope for the best, but check after restart if it # is really up logging.warn( str(self.threadId) + ": Server appears to be down, force restart at iteration " + str(self.iterStats['iterCount'])) self.iterStats["hangCount"] += 1 try: honggComm.writeSocket("bad!") except Exception as e: logging.error("Honggfuzz server crashed? Killed?") return if self.config['hangsAreCrashes']: self._handleCrash(honggCorpusData, 'hang') self.iterStats["crashCount"] += 1 haveCheckedTargetIsAlive = False # honggfuzz says: new basic-block found # (from the data we sent before) elif honggData == "New!": # Warmup may result in a stray message, ignore here # If new-corpus-from-other-thread: Ignore here if honggCorpusData is not None: logging.info("--[ Adding file to corpus...") self.corpusManager.addNewCorpusData(honggCorpusData) honggCorpusData.getParentCorpus().statsAddNew() self.iterStats["corpusCount"] += 1 # honggfuzz says: target crashed (yay!) elif honggData == "Cras": # Warmup may result in a stray message, ignore here # If new-corpus-from-other-thread: Ignore here if honggCorpusData is not None: logging.info("--[ Adding crash...") self._handleCrash(honggCorpusData, 'honggcomm') self.iterStats["crashCount"] += 1 # target was down and needs to be restarted by honggfuzz. # check if it was successfully restarted! haveCheckedTargetIsAlive = False elif honggData == "": logging.info("Hongfuzz quit, exiting too\n") break else: # This should not happen logging.error("--[ Unknown Honggfuzz msg: " + str(honggData)) # periodically restart server if self.iterStats['iterCount'] > 0 and self.iterStats[ 'iterCount'] % self.config['restart_server_every'] == 0: logging.info("restart server periodically at iteration " + str(self.iterStats['iterCount'])) try: honggComm.writeSocket("bad!") except Exception as e: logging.error("Honggfuzz server crashed? Killed?") return haveCheckedTargetIsAlive = False if self.iterStats['iterCount'] > 0 and self.iterStats[ 'iterCount'] % 300 == 0: self.networkManager.tuneTimeouts( self.corpusManager.getMaxLatency())
def doActualFuzz(self): """ Child thread of fuzzer - does teh actual fuzzing. Sends results/stats via queue to the parent. Will start the target via honggfuzz, connect to the honggfuzz socket, and according to the honggfuzz commands from the socket, send the fuzzed messages to the target binary. """ #logging.basicConfig(level=logging.DEBUG) self.config["processes"] = 1 logging.info("Setup fuzzing..") random.seed(self.initialSeed) signal.signal(signal.SIGINT, signal_handler) targetPort = self.config["baseport"] + self.threadId self.targetPort = targetPort networkManager = networkmanager.NetworkManager(self.config, targetPort) self.corpusManager = corpusmanager.CorpusManager(self.config) self.corpusManager.initialLoad() self.corpusManager.startWatch() # start honggfuzz with target binary self._startServer() # connect with honggfuzz honggComm = honggcomm.HonggComm() honggComm.openSocket(self.fuzzerPid) # warmup # Send all initial corpus once and ignore new BB commands so we # dont add it again. # Note that at the end, there may be still commands in the socket # queue which we need to ignore on the fuzzing loop. initialCorpusIter = iter(self.corpusManager) logging.info("Performing warmup") while True: logging.debug("A warmup loop...") try: initialCorpusData = initialCorpusIter.next() except StopIteration: break honggData = honggComm.readSocket() if honggData == "Fuzz": logging.debug("Fuzz: Warmup send") self._connectAndSendData(networkManager, initialCorpusData) honggComm.writeSocket("okay") else: # We dont really care what the fuzzer sends us # BUT it should be always "New!" # It should never be "Cras" logging.debug("received: " + honggData) # the actual fuzzing logging.info("Performing fuzzing") fuzzingIterationData = None while True: logging.debug("A fuzzing loop...") self._uploadStats() self.corpusManager.checkForNewFiles() honggData = honggComm.readSocket() if honggData == "Fuzz": # check first if we have new corpus from other threads # if yes: send it. We'll ignore New!/Cras msgs by settings # fuzzingIterationData = None if self.corpusManager.hasNewExternalCorpus(): fuzzingIterationData = None # important corpus = self.corpusManager.getNewExternalCorpus() corpus.processed = True self._connectAndSendData(networkManager, corpus.getData()) # just randomly select a corpus, fuzz it, (handle result) else: self.iterStats["iterCount"] += 1 corpus = self.corpusManager.getRandomCorpus() fuzzingIterationData = FuzzingIterationData( self.config, corpus.getData()) if not fuzzingIterationData.fuzzData(): logging.error("Could not fuzz the data") return self._connectAndSendData(networkManager, fuzzingIterationData.fuzzedData) # send okay to continue honggfuzz honggComm.writeSocket("okay") elif honggData == "New!": # Warmup may result in a stray message, ignore here # If new-corpus-from-other-thread: Ignore here if fuzzingIterationData is not None: logging.info("--[ Adding file to corpus...") self.corpusManager.addNewCorpus( fuzzingIterationData.fuzzedData, fuzzingIterationData.seed) self.iterStats["corpusCount"] += 1 elif honggData == "Cras": # Warmup may result in a stray message, ignore here # If new-corpus-from-other-thread: Ignore here if fuzzingIterationData is not None: logging.info("--[ Adding crash...") self._handleCrash(fuzzingIterationData) self.iterStats["crashCount"] += 1 elif honggData == "": logging.info("Hongfuzz quit, exiting too\n") break else: # This should not happen logging.error("--[ Unknown: " + str(honggData))
def doActualFuzz(self): """ Child thread of fuzzer - does teh actual fuzzing. Sends results/stats via queue to the parent. Will start the target via honggfuzz, connect to the honggfuzz socket, and according to the honggfuzz commands from the socket, send the fuzzed messages to the target binary. New fuzzed data will be generated via FuzzingIterationData, where the initial data from the corpus is managed by CorpusManager. """ #logging.basicConfig(level=logging.DEBUG) if "debug" in self.config and self.config["debug"]: self.config["processes"] = 1 if "DebugWithFile" in self.config: utils.setupSlaveLoggingWithFile(self.threadId) logging.info("Setup fuzzing..") random.seed(self.initialSeed) signal.signal(signal.SIGINT, signal_handler) targetPort = self.config["baseport"] + self.threadId self.targetPort = targetPort networkManager = networkmanager.NetworkManager(self.config, targetPort) self.corpusManager = corpusmanager.CorpusManager(self.config) self.corpusManager.initialLoad() self.corpusManager.startWatch() # start honggfuzz with target binary self._startServer() # connect with honggfuzz honggComm = honggcomm.HonggComm() honggComm.openSocket(self.fuzzerPid) # warmup # Send all initial corpus once and ignore new BB commands so we # dont add it again. # Note that at the end, there may be still commands in the socket # queue which we need to ignore on the fuzzing loop. initialCorpusIter = iter(self.corpusManager) logging.info("Performing warmup") while True: logging.debug("A warmup loop...") try: initialCorpusData = initialCorpusIter.next() except StopIteration: break honggData = honggComm.readSocket() if honggData == "Fuzz": logging.debug("Fuzz: Warmup send") self._connectAndSendData(networkManager, initialCorpusData) honggComm.writeSocket("okay") else: # We dont really care what the fuzzer sends us # BUT it should be always "New!" # It should never be "Cras" logging.debug("received: " + honggData) # the actual fuzzing logging.info("Performing fuzzing") fuzzingIterationData = None # Just assume target is alive, because of the warmup phase # this var is needed mainly to not create false-positives, e.g. # if the target is for some reason unstartable, it would be detected # as crash haveCheckedTargetIsAlive = True while True: logging.debug("A fuzzing loop...") self._uploadStats() self.corpusManager.checkForNewFiles() honggData = honggComm.readSocket() # honggfuzz says: Send fuzz data via network if honggData == "Fuzz": couldSend = False # are we really sure that the target is alive? If not, check if not haveCheckedTargetIsAlive: if not networkManager.waitForServerReadyness(): logging.error( "Wanted to fuzz, but targets seems down. Force honggfuzz to restart it." ) honggComm.writeSocket("bad!") self.iterStats["timeoutCount"] += 1 else: haveCheckedTargetIsAlive = True # check first if we have new corpus from other threads # if yes: send it. We'll ignore New!/Cras msgs by setting: # fuzzingIterationData = None if self.corpusManager.hasNewExternalCorpus(): fuzzingIterationData = None # ignore results corpus = self.corpusManager.getNewExternalCorpus() corpus.processed = True couldSend = self._connectAndSendData( networkManager, corpus.getData()) # just randomly select a corpus, fuzz it, send it # honggfuzz will tell us what to do next else: self.iterStats["iterCount"] += 1 corpus = self.corpusManager.getRandomCorpus() fuzzingIterationData = FuzzingIterationData( self.config, corpus.getData(), corpus) if not fuzzingIterationData.fuzzData(): logging.error("Could not fuzz the data") return couldSend = self._connectAndSendData( networkManager, fuzzingIterationData.fuzzedData) if couldSend: # all ok... honggComm.writeSocket("okay") else: # target seems to be down. Have honggfuzz restart it # and hope for the best, but check after restart if it # is really up logging.info("Server appears to be down, force restart") self.iterStats["timeoutCount"] += 1 honggComm.writeSocket("bad!") haveCheckedTargetIsAlive = False # honggfuzz says: new basic-block found # (from the data we sent before) elif honggData == "New!": # Warmup may result in a stray message, ignore here # If new-corpus-from-other-thread: Ignore here if fuzzingIterationData is not None: logging.info("--[ Adding file to corpus...") self.corpusManager.addNewCorpus( fuzzingIterationData.fuzzedData, fuzzingIterationData.seed) fuzzingIterationData.getParentCorpus().statsAddNew() self.iterStats["corpusCount"] += 1 # honggfuzz says: target crashed (yay!) elif honggData == "Cras": # Warmup may result in a stray message, ignore here # If new-corpus-from-other-thread: Ignore here if fuzzingIterationData is not None: logging.info("--[ Adding crash...") self._handleCrash(fuzzingIterationData) self.iterStats["crashCount"] += 1 # target was down and needs to be restarted by honggfuzz. # check if it was successfully restarted! haveCheckedTargetIsAlive = False elif honggData == "": logging.info("Hongfuzz quit, exiting too\n") break else: # This should not happen logging.error("--[ Unknown Honggfuzz msg: " + str(honggData))