dobin / ffw

A fuzzing framework for network servers

License: GNU General Public License v3.0

Python 96.40% Makefile 0.51% C 2.82% Shell 0.27%
fuzzer network server

ffw's People

Contributors: dobin, fgsch, otakuto, rmoszczynsk, warsang


ffw's Issues

Support generative fuzzers

Currently FFW only supports mutation fuzzers, which are based on prerecorded data from the interceptor.

It should also support generative fuzzers, which do not have prerecorded data.

  • Add fuzzer definition which indicates mutation/generation
  • Ignore missing data_*.pickle files if generation

Verify question

Hello.

Can I proceed to Verify or replay without using the ffw framework?

I am using the ffw framework and using replay will crash.

However, collisions do not occur if the conflict file is transmitted using telnet.

Thanks.

Program Options Question

Hello,

Can I disable the target_args, baseport option in the fuzzing.py file?

The application I'm testing does not accept any arguments.

However, if I leave the options above blank, I get an error.

Thanks.

Setup in fuzzing.py

    # target arguments
    # separate arguments by space
    # keywords: "%(port)i" is the port the server will be started on
    "target_args": "",

    # if you can't specify the port on the command line,
    # hardcode it here. Note that it will work only with one fuzzing instance.
    "baseport": 9102,

    # how many fuzzing instances should we start
    "processes": 1,

    # "tcp" or "udp" protocol?
    "ipproto": "udp",

Error log.

y1026@y1026:~/ffw/test$ ./fuzzing.py --intercept --listenport 1024 --debug
Client Manager
Network Server Manager
Interceptor listen on port: 1024
Target server port: 9102
INFO:root:Starting server with args: ['/home/y1026/ffw/test/test', '']
INFO:root:  Pid: 11273
INFO:root:  Return code: 0
Could not start server, check its output

[Error] connect() exception: [Errno 111] Connection refused

Hi.

Long time no see.

If I use ffw with the intercept option and send a packet from the client, an error occurs.

How can we solve it?

Thanks

error log

y1026@y1026:~/ffw/test$ ../ffw.py --intercept --debug
Basedir: /home/y1026/ffw
Config file: /home/y1026/ffw/test/config.py
Interceptor listen on port: 10000
Target server port: 1234
INFO:root:Starting server with args: ['/home/y1026/ffw/test', 'listen']
INFO:root:  Pid: 10188
INFO:root:  Return code: None
INFO:root:Start server PID: 10188
INFO:root:Using: TCP
INFO:root:NET Check if we can connect to server localhost:1234
DEBUG:root:NET testServerConnectionTcp: connect to ('localhost', 1234)
INFO:root:Interceptor: Forwarding everything to localhost:1234
INFO:root:Interceptor: Waiting for new client on port: 10000
Interceptor: Got new client
INFO:root:Interceptor TCP Thread: Client Thread0 started
INFO:root:Interceptor TCP Thread: Logging into: localhost:1234
ERROR:root:Interceptor TCP Thread: connect() exception: [Errno 111] Connection refused
ERROR:root:Interceptor TCP Thread:   while connecting to: localhost:1234

IOError: [Errno 11] Resource temporarily unavailable

Hello,

An error occurs after ffw has been running for a certain period of time.

Thanks.

OS: Ubuntu 16_04 64bit.

DEBUG:root:A fuzzing loop...
INFO:root:Open connection on localhost:1024
DEBUG:root:Fuzzing the data
DEBUG:root:selected input: 17  from: cli  len: 37
INFO:root:Call fuzzer, seed: 8752516099303341458
DEBUG:root:CMD: -s 8752516099303341458 -o /home/y1026/ffw/vulnserver/temp/8752516099303341458.out.raw "/home/y1026/ffw/vulnserver/temp/8752516099303341458.in.raw"
DEBUG:root:Read fuzzing data: cr[long run of "a" bytes omitted]
Process Process-1:
Traceback (most recent call last):
  File "/usr/lib/python2.7/multiprocessing/process.py", line 258, in _bootstrap
    self.run()
  File "/usr/lib/python2.7/multiprocessing/process.py", line 114, in run
    self._target(*self._args, **self._kwargs)
  File "/home/y1026/ffw/vulnserver/../fuzzer/fuzzingslave.py", line 137, in doActualFuzz
    sendDataResult = self.sendPreData(networkManager, fuzzingIterationData)
  File "/home/y1026/ffw/vulnserver/../fuzzer/fuzzingslave.py", line 220, in sendPreData
    ret = networkManager.sendData(message)
  File "/home/y1026/ffw/vulnserver/../network/networkmanager.py", line 82, in sendDataTcp
    print((message["data"]))
IOError: [Errno 11] Resource temporarily unavailable

or

INFO:root:ReceiveData err on msg 7: timed out
DEBUG:root:SOCKET: Send: okay
DEBUG:root:A fuzzing loop...
DEBUG:root:SOCKET: Try to recv
Process Process-1:
Traceback (most recent call last):
  File "/usr/lib/python2.7/multiprocessing/process.py", line 258, in _bootstrap
    self.run()
  File "/usr/lib/python2.7/multiprocessing/process.py", line 114, in run
    self._target(*self._args, **self._kwargs)
  File "/home/y1026/ffw/vulnserver/../honggmode/honggslave.py", line 129, in doActualFuzz
    honggData = honggComm.readSocket()
  File "/home/y1026/ffw/vulnserver/../honggmode/honggcomm.py", line 33, in readSocket
    recv = self.sock.recv(4).decode()
error: [Errno 104] Connection reset by peer

minimize error

Hello,

I succeeded in the tutorial.

There are conflict files in out.

But I get an error when I execute the minimize command.

Thanks

y1026@y1026:~/ffw/vulnserver$ ./fuzzing.py --minimize --debug
Client Manager
Network Server Manager
Processing 24 outcome files
Traceback (most recent call last):
  File "./fuzzing.py", line 102, in <module>
    sys.exit(main())
  File "./fuzzing.py", line 98, in main
    framework.realMain(config)
  File "/home/y1026/ffw/vulnserver/../framework.py", line 189, in realMain
    mini.minimizeOutDir()
  File "/home/y1026/ffw/vulnserver/../verifier/minimizer.py", line 42, in minimizeOutDir
    idx = crashDetails["faultOffset"]
KeyError: 'faultOffset'

Baseport / Targetport cleanup

The legacy with the baseport and newer targetport is confusing, and not implemented consistently.

Reference: #23 (comment)

Redesign FFW so the default is a target with a static, unchangeable port. This is the case most of the time.

Add parallel fuzzing (with baseport) config options as an afterthought, with explicit configuration.

Error while running in honggmode

Hi

I tried to do the setup of ffw with honggmode by following the README, but it's failing at the final step when I try to run the fuzzer. Can someone please help me here?

I am using Ubuntu 18.04.

(python2.7_venv) root@ashish-VirtualBox:/home/ashish/network-fuzzer/ffw/vulnserver# ../ffw.py --honggmode
Basedir: /home/ashish/network-fuzzer/ffw
Config file: /home/ashish/network-fuzzer/ffw/vulnserver/config.py
Rember "use_netnamespace requires nesting in container"
Start fuzzing child #0
Process Process-1:
Traceback (most recent call last):
  File "/usr/lib/python2.7/multiprocessing/process.py", line 267, in _bootstrap
    self.run()
  File "/usr/lib/python2.7/multiprocessing/process.py", line 114, in run
    self._target(*self._args, **self._kwargs)
  File "/home/ashish/network-fuzzer/ffw/honggmode/honggslave.py", line 69, in doActualFuzz
    targetutils.startInNamespace(self.realDoActualFuzz, self.threadId)
  File "/home/ashish/network-fuzzer/ffw/target/targetutils.py", line 39, in startInNamespace
    func()
  File "/home/ashish/network-fuzzer/ffw/honggmode/honggslave.py", line 117, in realDoActualFuzz
    if honggComm.openSocket(serverManager.process.pid):
AttributeError: 'NoneType' object has no attribute 'pid'

config.py is as follows:

(python2.7_venv) root@ashish-VirtualBox:/home/ashish/network-fuzzer/ffw/vulnserver# cat config.py 
# this is a dedicated configuration file
# the same content as fuzzing.py

{
    # name of the software we fuzz
    "name": "vulnserver",

    # which version of the software are we fuzzing (optional)
    "version": "",

    # additional comment about this project (optional)
    "comment": "",

    # Path to target
    "target_bin": "bin/vulnserver_hfuzz",

    # target arguments
    # separate arguments by space
    # keywords: "%(port)i" is the port the server will be started on
    "target_args": "%(port)i",

    # if you can't specify the port on the command line,
    # hardcode it here. Note that it will work only with one fuzzing instance.
    "target_port": 20000,

    # how many fuzzing instances should we start
    "processes": 1,

    # "tcp" or "udp" protocol?
    "ipproto": "tcp",

    "honggpath": "/home/ashish/network-fuzzer/honggfuzz/honggfuzz",

    "use_netnamespace": True,
}

Understanding integration of ffw in Honggfuzz

Hi, I noticed that the socketfuzzer patch in Honggfuzz has been provided by you and would be obliged if I could get some details regarding its integration into Honggfuzz from you.

In the case of this socketfuzzer paradigm, honggfuzz attaches to a long-standing fuzz target (server), exposes a socket for the external fuzzer to connect to, and then orchestrates the fuzzing process.

One thing that I am not able to grasp is how the honggfuzz instance is aware of the bitmap that is being updated for an already running server. As far as I understand from the code, the bitmap is kept in memory and updated when the registered callbacks are triggered, and I didn't see it being written to disk.

Also, I've been having trouble dumping the coverage files using the covdir_all option when I try to use it in conjunction with the socketfuzzer functionality. Is it a configuration issue on my end or should I triage this issue further?

Target IP instead of localhost

I have a setup, where the target runs in a local, virtual network, so the target is not reachable by localhost. It would be nice to specify an IP in the config file for remote services.

User Experience: Debugging uncooperative target

Making a target work can be a cumbersome process. Some noted UX problems:

  • While the fuzzer uses port 20'000++, the interceptor uses command line argument --port, and --port+1
  • There is not enough debug output about what the error may be if ffw cannot connect to the target
  • Can't see stdout/stderr of target program

It is not transparent what is happening, why the many different ports, and how to identify what went wrong.

invalid literal for int() with base 16: '0x7ffccd440f70)'

Hello,

Using the Verify function in ffw causes an error.

ffw file: out.zip

Thanks.

OS: Ubuntu 16_04 64bit.

y1026@y1026-VirtualBox:~/ffw/vulnserver$ ./fuzzing.py --verify --debug
Client Manager
Network Server Manager
INFO:root:Crash verifier
Processing 1 outcome files
Now processing: 0: /home/y1026/ffw/vulnserver/out/9215452092389361146.ffw
INFO:root:Using: TCP
INFO:root:DebugServer: Start Server
DEBUG:root:START: ['/home/y1026/ffw/vulnserver/bin/vulnserver_asan', '21000']
INFO:root:Attach <PtraceProcess #30140> to debugger
INFO:root:Set <PtraceProcess #30140> options to 1
Listening on port: 20000
INFO:root:Server PID: 30140
INFO:root:DebugServer: Waiting for process event
INFO:root:Verifier: Server pid: 30140
INFO:root:Verifier: Server Port: 20000
Check if we can connect to server
INFO:root:Verifier: Sending fuzzed messages
INFO:root:Open connection on localhost:20000
New client connected
New client connected
Received data with len: 1024 on state: 0
Auth success
Received data with len: 1024 on state: 1
INFO:root:DebugServer: Got event: Signal SIGABRT
INFO:root:DebugServer: Event Result: Crash
INFO:root:Get asan output: /home/y1026/ffw/vulnserver/temp/asan.30140
INFO:root:ReceiveData err on msg 3: timed out
INFO:root:Verifier: Wait for crash data
INFO:root:Found ASAN output file. Good.
INFO:root:Quit debugger
WARNING:root:Terminate <PtraceProcess #30140>
INFO:root:Verifier: I've got a crash: 
DEBUG:root:debugVerifyCrashData Register : {'gs': '0', 'gs_base': '0', 'rip': '140023069148200', 'r9': '18', 'r15': '140723752272432', 'cs': '51', 'es': '0', 'r13': '1024', 'rcx': '140023069148200', 'rax': '0', 'r14': '1024', 'fs': '0', 'r12': '140723752274800', 'rsi': '30140', 'r10': '8', 'r11': '514', 'orig_rax': '234', 'fs_base': '140023091140480', 'rsp': '140723752271800', 'ds': '0', 'rbx': '140723752272224', 'ss': '43', 'r8': '1', 'rdx': '6', 'rbp': '140723752274624', 'eflags': '514', 'rdi': '30140'}
DEBUG:root:debugVerifyCrashData Backtrace: ['IP=0x00007f59a94c0428: ??? ()', 'IP=0x00007f59a95822c0: ??? ()']
DEBUG:root:debugVerifyCrashData Cause    : None
ASANdata: ['=================================================================', '==30140==ERROR: AddressSanitizer: memcpy-param-overlap: memory ranges [0x7ffccd440ac0,0x7ffccd440ec0) and [0x7ffccd440b70, 0x7ffccd440f70) overlap', '#0 0x7f59a98e1662 in __asan_memcpy (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x8c662)', '#1 0x401033 in handleData1 /home/y1026/ffw/vulnserver/vulnserver.c:20', '#2 0x40128a in doprocessing /home/y1026/ffw/vulnserver/vulnserver.c:51', '#3 0x401627 in main /home/y1026/ffw/vulnserver/vulnserver.c:114', '#4 0x7f59a94ab82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)', '#5 0x400ea8 in _start (/home/y1026/ffw/vulnserver/bin/vulnserver_asan+0x400ea8)', '', 'Address 0x7ffccd440ac0 is located in stack of thread T0 at offset 32 in frame', '#0 0x400fa1 in handleData1 /home/y1026/ffw/vulnserver/vulnserver.c:18', '', 'This frame has 1 object(s):', "[32, 40) 'buff' <== Memory access at offset 32 partially overflows this variable", 'HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext', '(longjmp and C++ exceptions *are* supported)', 'Address 0x7ffccd440b70 is located in stack of thread T0 at offset 32 in frame', '#0 0x4010d8 in doprocessing /home/y1026/ffw/vulnserver/vulnserver.c:31', '', 'This frame has 1 object(s):', "[32, 1056) 'data' <== Memory access at offset 32 is inside this variable", 'HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext', '(longjmp and C++ exceptions *are* supported)', 'SUMMARY: AddressSanitizer: memcpy-param-overlap ??:0 __asan_memcpy', '==30140==ABORTING']
Mainline: ['==30140==ERROR:', 'AddressSanitizer:', 'memcpy-param-overlap:', 'memory', 'ranges', '[0x7ffccd440ac0,0x7ffccd440ec0)', 'and', '[0x7ffccd440b70,', '0x7ffccd440f70)', 'overlap']
Traceback (most recent call last):
  File "./fuzzing.py", line 102, in <module>
    sys.exit(main())
  File "./fuzzing.py", line 98, in main
    framework.realMain(config)
  File "/home/y1026/ffw/vulnserver/../framework.py", line 185, in realMain
    v.verifyOutDir()
  File "/home/y1026/ffw/vulnserver/../verifier/verifier.py", line 104, in verifyOutDir
    self._verifyOutcome(targetPort, outcomeFile)
  File "/home/y1026/ffw/vulnserver/../verifier/verifier.py", line 152, in _verifyOutcome
    asanVerifyCrashData = asanParser.getAsCrashData()
  File "/home/y1026/ffw/vulnserver/../verifier/asanparser.py", line 35, in getAsCrashData
    asanData = self.getAsanData()
  File "/home/y1026/ffw/vulnserver/../verifier/asanparser.py", line 90, in getAsanData
    asanData["faultAddress"] = int(mainLine[8], 16)
ValueError: invalid literal for int() with base 16: '0x7ffccd440f70)'
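The traceback above comes from indexing the whitespace-split ASAN header by position: for a memcpy-param-overlap header, token 8 is `0x7ffccd440f70)`. The following is an added example, not ffw's own code, that parses the header by pattern instead; it is written for Python 3, all function and constant names are hypothetical, and the heap-buffer-overflow sample line is constructed.

```python
import re

HEX = r"0x[0-9a-fA-F]+"

# "==<pid>==ERROR: AddressSanitizer: <rest>"
HEADER_RE = re.compile(r"==(?P<pid>\d+)==ERROR: AddressSanitizer: (?P<rest>.+)")

# "<kind> on [unknown ]address 0x... [... pc 0x...]"
ON_ADDRESS_RE = re.compile(
    r"(?P<kind>\S+) on (?:unknown )?address (?P<addr>" + HEX + r")"
    r"(?:.*?\bpc (?P<pc>" + HEX + r"))?"
)

# "<fn>-param-overlap: memory ranges [a,b) and [c, d) overlap"
OVERLAP_RE = re.compile(
    r"(?P<kind>[\w-]+-param-overlap): memory ranges "
    r"\[(" + HEX + r"),\s*(" + HEX + r")\) and "
    r"\[(" + HEX + r"),\s*(" + HEX + r")\) overlap"
)

# Header line taken from the ASANdata dump in the report above.
OVERLAP_LINE = (
    "==30140==ERROR: AddressSanitizer: memcpy-param-overlap: memory ranges "
    "[0x7ffccd440ac0,0x7ffccd440ec0) and [0x7ffccd440b70, 0x7ffccd440f70) overlap"
)

# Constructed sample (placeholder addresses) for the "on address" header shape.
HEAP_LINE = (
    "==1234==ERROR: AddressSanitizer: heap-buffer-overflow on address "
    "0x602000000014 at pc 0x000000401033 bp 0x7ffc00000010 sp 0x7ffc00000008"
)


def naive_fault_address(line):
    """Positional lookup as in the traceback: int(mainLine[8], 16)."""
    return int(line.split()[8], 16)


def parse_asan_header(line):
    """Parse one ASAN header line; return a dict, or None if it is no header."""
    m = HEADER_RE.search(line)
    if m is None:
        return None
    rest = m.group("rest")
    info = {
        "pid": int(m.group("pid")),
        "kind": None,
        "fault_address": None,
        "pc": None,
        "ranges": [],      # [(start, end), ...] for *-param-overlap reports
        "overlap": None,   # intersection of the two ranges, if any
    }

    ov = OVERLAP_RE.match(rest)
    if ov:
        a0, a1, b0, b1 = (int(g, 16) for g in ov.groups()[1:])
        info["kind"] = ov.group("kind")
        info["ranges"] = [(a0, a1), (b0, b1)]
        lo, hi = max(a0, b0), min(a1, b1)
        info["overlap"] = (lo, hi) if lo < hi else None
        return info

    on = ON_ADDRESS_RE.match(rest)
    if on:
        info["kind"] = on.group("kind")
        info["fault_address"] = int(on.group("addr"), 16)
        if on.group("pc"):
            info["pc"] = int(on.group("pc"), 16)
        return info

    # Unknown report shape: keep the bug type, never raise on the remainder.
    info["kind"] = rest.split(None, 1)[0].rstrip(":")
    return info


def first_header(lines):
    """Return the parsed header from a list of ASAN output lines, or None."""
    for line in lines:
        parsed = parse_asan_header(line)
        if parsed is not None:
            return parsed
    return None


if __name__ == "__main__":
    for sample in (OVERLAP_LINE, HEAP_LINE):
        try:
            print("positional:", hex(naive_fault_address(sample)))
        except ValueError as exc:
            print("positional: ValueError:", exc)
        print("pattern   :", parse_asan_header(sample))
```

On the constructed heap-buffer-overflow line the positional lookup does not fail, but token 8 there is the `pc` value rather than the faulting address, which the pattern-based parser reports separately.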

AttributeError: 'NoneType' object has no attribute 'pid'

Hello,

An error occurs after ffw has been running for a certain period of time.

Thanks.

OS: Ubuntu 16_04 64bit.

INFO:root:Send pre data: 
DEBUG:root:  Sending pre message: 0
INFO:root:Send data: 
DEBUG:root:  Sending fuzzed message: 1
INFO:root:Restart server periodically: 10000
Process Process-1:
Traceback (most recent call last):
  File "/usr/lib/python2.7/multiprocessing/process.py", line 258, in _bootstrap
    self.run()
  File "/usr/lib/python2.7/multiprocessing/process.py", line 114, in run
    self._target(*self._args, **self._kwargs)
  File "/home/y1026/ffw/vulnserver/../fuzzer/fuzzingslave.py", line 186, in doActualFuzz
    serverManager.restart()
  File "/home/y1026/ffw/vulnserver/../fuzzer/simpleservermanager.py", line 72, in restart
    self.stop()
  File "/home/y1026/ffw/vulnserver/../fuzzer/simpleservermanager.py", line 64, in stop
    logging.info("Stop server PID: " + str(self.process.pid))
AttributeError: 'NoneType' object has no attribute 'pid'

honggfuzz mode error.

Hello,

Running honggfuzz mode will result in an error.

I run it by modifying some sources, but it is unstable.

Thanks.

y1026@y1026:~/ffw/vulnserver$ ./fuzzing.py --honggmode --debug
Client Manager
Network Server Manager
Start fuzzing child #0
INFO:root:Setup fuzzing..
INFO:root:Using: TCP
DEBUG:root:Load Corpus file: /home/y1026/ffw/vulnserver/in/data_0.pickle
INFO:root:Load external corpus: /home/y1026/ffw/vulnserver/in/data_0.pickle
DEBUG:root:Starting server/honggfuzz
INFO:root:Starting server/honggfuzz with args: ['/home/y1026/honggfuzz/honggfuzz', '--keep_output', '--sanitizers', '--sancov', '--threads', '1', '--stdin_input', '--socket_fuzzer', '-d', '4', '-l', 'honggfuzz.log', '--', '/home/y1026/ffw/vulnserver/bin/vulnserver_hfuzz', '']
Thread:  Iterations  CorpusNew  CorpusOverall  Crashes  Fuzz/s
INFO:root:Honggcomm Error, could not connect to honggfuzz socket: [Errno 2] No such file or directory
INFO:root:Honggcomm Error, could not connect to honggfuzz socket: [Errno 2] No such file or directory
INFO:root:Honggcomm Error, could not connect to honggfuzz socket: [Errno 2] No such file or directory
INFO:root:Honggcomm Error, could not connect to honggfuzz socket: [Errno 2] No such file or directory
INFO:root:Honggcomm Error, could not connect to honggfuzz socket: [Errno 2] No such file or directory
INFO:root:Honggcomm Error, could not connect to honggfuzz socket: [Errno 2] No such file or directory

How about Explanatory Language FUZZ?

Hi dobin,
Please, how about Explanatory Language fuzzing?
Some servers are .jar or .py; how can ffw be used to fuzz them?
This is my config for fuzzing Python's SimpleHTTPServer; please help me take a look at it:

# name of the software we fuzz
"name": "SimpleHTTPServer",

# which version of the software are we fuzzing (optional)
"version": "1.0",

"use_netnamespace": True,

# additional comment about this project (optional)
"comment": "python httpserver",

# Path to target
"target_bin": "bin/python",

# target arguments
# separate arguments by space
# keywords: "%(port)i" is the port the server will be started on
"target_args": "-m SimpleHTTPServer",

# the port the server uses
"target_port": 8000,

# how many fuzzing instances should we start
"processes": 2,

# "tcp" or "udp" protocol?
"ipproto": "tcp",

"restart_server_every": 32,
}

Using this config, I ran ffw.py --intercept, sent an HTTP GET and stopped ffw, but I don't see a .pickle file.
Thank you.

AttributeError: 'NoneType' object has no attribute 'poll'

Hello,

An error occurs after ffw has been running for a certain period of time.

Thanks.

OS: Ubuntu 16.04 64-bit.

DEBUG:root:A fuzzing loop...
INFO:root:Open connection on localhost:20000
INFO:root:  Could not connect! Server is down: [Errno 111] Connection refused
INFO:root:Detected Crash (A)
Process Process-1:
Traceback (most recent call last):
  File "/usr/lib64/python2.7/multiprocessing/process.py", line 258, in _bootstrap
    self.run()
  File "/usr/lib64/python2.7/multiprocessing/process.py", line 114, in run
    self._target(*self._args, **self._kwargs)
  File "/home/y1026/ffw/vulnserver/../fuzzer/fuzzingslave.py", line 125, in doActualFuzz
    srvCrashData = serverManager.getCrashData()
  File "/home/y1026/ffw/vulnserver/../fuzzer/simpleservermanager.py", line 126, in getCrashData
    if self.process.poll():
AttributeError: 'NoneType' object has no attribute 'poll'
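
Both this traceback and the earlier `'pid'` one end in a method called on `self.process` while it is `None`, once in `stop()` and once in `getCrashData()`. As an added example (not ffw's `simpleservermanager.py`), the sketch below guards every use of the handle; the class name, the return values and the two stand-in target commands are assumptions, and the targets are constructed.

```python
import logging
import subprocess
import sys

# Constructed stand-in targets: one that idles, one that dies from SIGSEGV.
SLEEPER = [sys.executable, "-c", "import time; time.sleep(30)"]
CRASHER = [sys.executable, "-c",
           "import os, signal; os.kill(os.getpid(), signal.SIGSEGV)"]


class GuardedServerManager(object):
    """Hypothetical server manager that tolerates a missing process handle."""

    def __init__(self, argv):
        self.argv = argv
        self.process = None  # None until start() succeeds, and after stop()

    def start(self):
        try:
            self.process = subprocess.Popen(self.argv)
        except OSError as exc:  # missing binary, permissions, ...
            logging.error("Could not start %r: %s", self.argv, exc)
            self.process = None
        return self.process is not None

    def stop(self):
        if self.process is None:
            logging.info("Stop requested, but no server process is tracked")
            return False
        logging.info("Stop server PID: %d", self.process.pid)
        if self.process.poll() is None:  # None means still running
            self.process.kill()
        self.process.wait()  # reap the child so no zombie is left behind
        self.process = None
        return True

    def restart(self):
        self.stop()
        return self.start()

    def get_crash_data(self):
        if self.process is None:
            return None
        code = self.process.poll()
        if code is None:
            return None  # server is alive, so nothing to report
        # On POSIX a negative return code is minus the terminating signal.
        return {"returncode": code, "signal": -code if code < 0 else 0}
```

Comparing `poll()` against `None` also separates "still running" from "exited with status 0", which a bare truthiness test such as `if self.process.poll():` cannot do.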
