dobin / ffw Goto Github PK
View Code? Open in Web Editor NEWA fuzzing framework for network servers
License: GNU General Public License v3.0
A fuzzing framework for network servers
License: GNU General Public License v3.0
Currently FFW only supports mutation fuzzers, which are based on prerecorded data from the interceptor.
It should also support generative fuzzers, which do not have prerecorded data.
Hello.
Can I proceed to Verify or replay without using the ffw framework?
I am using the ffw framework and using replay will crash.
However, collisions do not occur if the conflict file is transmitted using telnet.
Thanks.
It'd be nice if generated files could be kept via some option (e.g. keep_temp: True
).
What do you think?
Hello,
Can I disable the target_args, baseport option in the fuzzing.py file?
The application I'm testing does not accept any arguments.
However, if I leave the options above blank, I get an error.
Thanks.
Setup in fuzzing.py
# target arguments
# separate arguments by space
# keywords: ""%(port)i" is the port the server will be started on
"target_args": "",
# if you cant specify the port on the command line,
# hardcode it here. Note that it will work only with one fuzzing instance.
"baseport": 9102,
# how many fuzzing instances should we start
"processes": 1,
# "tcp" or "udp" protocol?
"ipproto": "udp",
Error log.
y1026@y1026:~/ffw/test$ ./fuzzing.py --intercept --listenport 1024 --debug
Client Manager
Network Server Manager
Interceptor listen on port: 1024
Target server port: 9102
INFO:root:Starting server with args: ['/home/y1026/ffw/test/test', '']
INFO:root: Pid: 11273
INFO:root: Return code: 0
Could not start server, check its output
If the communication with honggfuzz drops, it should be restarted.
Reference: #11
Hi.
Long time no see.
If ffw use the intercept option and send a packet from the client, an error occurs.
How can we solve it?
Thanks
error log
y1026@y1026:~/ffw/test$ ../ffw.py --intercept --debug
Basedir: /home/y1026/ffw
Config file: /home/y1026/ffw/test/config.py
Interceptor listen on port: 10000
Target server port: 1234
INFO:root:Starting server with args: ['/home/y1026/ffw/test', 'listen']
INFO:root: Pid: 10188
INFO:root: Return code: None
INFO:root:Start server PID: 10188
INFO:root:Using: TCP
INFO:root:NET Check if we can connect to server localhost:1234
DEBUG:root:NET testServerConnectionTcp: connect to ('localhost', 1234)
INFO:root:Interceptor: Forwarding everything to localhost:1234
INFO:root:Interceptor: Waiting for new client on port: 10000
Interceptor: Got new client
INFO:root:Interceptor TCP Thread: Client Thread0 started
INFO:root:Interceptor TCP Thread: Logging into: localhost:1234
ERROR:root:Interceptor TCP Thread: connect() exception: [Errno 111] Connection refused
ERROR:root:Interceptor TCP Thread: while connecting to: localhost:1234
Hello,
An error occurs after running ffw and after a certain period of time.
Thanks.
OS: Ubuntu 16_04 64bit.
DEBUG:root:A fuzzing loop...
INFO:root:Open connection on localhost:1024
DEBUG:root:Fuzzing the data
DEBUG:root:selected input: 17 from: cli len: 37
INFO:root:Call fuzzer, seed: 8752516099303341458
DEBUG:root:CMD: -s 8752516099303341458 -o /home/y1026/ffw/vulnserver/temp/8752516099303341458.out.raw "/home/y1026/ffw/vulnserver/temp/8752516099303341458.in.raw"
DEBUG:root:Read fuzzing data: craaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaProcess Process-1:
Traceback (most recent call last):
File "/usr/lib/python2.7/multiprocessing/process.py", line 258, in _bootstrap
self.run()
File "/usr/lib/python2.7/multiprocessing/process.py", line 114, in run
self._target(*self._args, **self._kwargs)
File "/home/y1026/ffw/vulnserver/../fuzzer/fuzzingslave.py", line 137, in doActualFuzz
sendDataResult = self.sendPreData(networkManager, fuzzingIterationData)
File "/home/y1026/ffw/vulnserver/../fuzzer/fuzzingslave.py", line 220, in sendPreData
ret = networkManager.sendData(message)
File "/home/y1026/ffw/vulnserver/../network/networkmanager.py", line 82, in sendDataTcp
print((message["data"]))
IOError: [Errno 11] Resource temporarily unavailable
or
INFO:root:ReceiveData err on msg 7: timed out
DEBUG:root:SOCKET: Send: okay
DEBUG:root:A fuzzing loop...
DEBUG:root:SOCKET: Try to recv
Process Process-1:
Traceback (most recent call last):
File "/usr/lib/python2.7/multiprocessing/process.py", line 258, in _bootstrap
self.run()
File "/usr/lib/python2.7/multiprocessing/process.py", line 114, in run
self._target(*self._args, **self._kwargs)
File "/home/y1026/ffw/vulnserver/../honggmode/honggslave.py", line 129, in doActualFuzz
honggData = honggComm.readSocket()
File "/home/y1026/ffw/vulnserver/../honggmode/honggcomm.py", line 33, in readSocket
recv = self.sock.recv(4).decode()
error: [Errno 104] Connection reset by peer
Hello,
I succeeded in the tutorial.
There are conflict files in out.
but, I get an error when I execute the minimize command.
Thanks
y1026@y1026:~/ffw/vulnserver$ ./fuzzing.py --minimize --debug
Client Manager
Network Server Manager
Processing 24 outcome files
Traceback (most recent call last):
File "./fuzzing.py", line 102, in <module>
sys.exit(main())
File "./fuzzing.py", line 98, in main
framework.realMain(config)
File "/home/y1026/ffw/vulnserver/../framework.py", line 189, in realMain
mini.minimizeOutDir()
File "/home/y1026/ffw/vulnserver/../verifier/minimizer.py", line 42, in minimizeOutDir
idx = crashDetails["faultOffset"]
KeyError: 'faultOffset'
enum34 package should be required.
Otherwise errors such "Address already in use" might occur.
It'd be great if, in a similar fashion to printpickle.py or perhaps via fuzzing.py, one could import corpora from other projects (e.g. https://github.com/dvyukov/go-fuzz-corpus) to use with ffw.
The legacy with the baseport
and newer targetport
is confusing, and not implemented consistently.
Reference: #23 (comment)
Redesign FFW so the default is a target with a static, unchangeable port. This is the case most of the time.
Add parallel fuzzing (with baseport
) config options as an afterthought, with explicit configuration.
Hi
I tried to do the setup of ffw with honggmode by following the README but it's failing at the final step when I try to run the fuzzer. Can someone please help me here.
I am using ubuntu18.04
(python2.7_venv) root@ashish-VirtualBox:/home/ashish/network-fuzzer/ffw/vulnserver# ../ffw.py --honggmode
Basedir: /home/ashish/network-fuzzer/ffw
Config file: /home/ashish/network-fuzzer/ffw/vulnserver/config.py
Rember "use_netnamespace requires nesting in container"
Start fuzzing child #0
Process Process-1:
Traceback (most recent call last):
File "/usr/lib/python2.7/multiprocessing/process.py", line 267, in _bootstrap
self.run()
File "/usr/lib/python2.7/multiprocessing/process.py", line 114, in run
self._target(*self._args, **self._kwargs)
File "/home/ashish/network-fuzzer/ffw/honggmode/honggslave.py", line 69, in doActualFuzz
targetutils.startInNamespace(self.realDoActualFuzz, self.threadId)
File "/home/ashish/network-fuzzer/ffw/target/targetutils.py", line 39, in startInNamespace
func()
File "/home/ashish/network-fuzzer/ffw/honggmode/honggslave.py", line 117, in realDoActualFuzz
if honggComm.openSocket(serverManager.process.pid):
AttributeError: 'NoneType' object has no attribute 'pid'
config.py is as follows:
(python2.7_venv) root@ashish-VirtualBox:/home/ashish/network-fuzzer/ffw/vulnserver# cat config.py
# this is a dedicated configuration file
# the same content as fuzzing.py
{
# name of the software we fuzz
"name": "vulnserver",
# which version of the software are we fuzzing (optional)
"version": "",
# additional comment about this project (optional)
"comment": "",
# Path to target
"target_bin": "bin/vulnserver_hfuzz",
# target arguments
# separate arguments by space
# keywords: ""%(port)i" is the port the server will be started on
"target_args": "%(port)i",
# if you cant specify the port on the command line,
# hardcode it here. Note that it will work only with one fuzzing instance.
"target_port": 20000,
# how many fuzzing instances should we start
"processes": 1,
# "tcp" or "udp" protocol?
"ipproto": "tcp",
"honggpath": "/home/ashish/network-fuzzer/honggfuzz/honggfuzz",
"use_netnamespace": True,
}
fuzzing.py is no more
Hi, I noticed that the socketfuzzer patch in Honggfuzz has been provided by you and would be obliged if I could get some details regarding its integration into Honggfuzz from you.
In the case of this socketfuzzer paradigm, hongfuzz attaches to a long standing fuzz target
(server), exposes a socket for the external fuzzer to connect and then orchestrates the
fuzzing process.
One thing that I am not able to grasp is how is the hongfuzz instance aware of the bitmap
that is being updated for an already running server. As far as I understand from the code, the bitmap is
kept in-memory and updated when the registered callbacks are triggered and didn't see it being written to disk.
Also, I've been having trouble dumping the coverage files using the covdir_all
option when I try to use it in conjunction with the socketfuzzer functionality. Is it a configuration issue on my end or should I triage this issue further?
I have a setup, where the target runs in a local, virtual network, so the target is not reachable by localhost. It would be nice to specify an IP in the config file for remote services.
Making a target work can be a cumbersome process. Some notes UX problems:
It is not transparent what is happening, why the many different ports, and how to identify what went wrong.
Hello,
Using the Verify function in ffw causes an error.
ffw file: out.zip
Thanks.
OS: Ubuntu 16_04 64bit.
y1026@y1026-VirtualBox:~/ffw/vulnserver$ ./fuzzing.py --verify --debug
Client Manager
Network Server Manager
INFO:root:Crash verifier
Processing 1 outcome files
Now processing: 0: /home/y1026/ffw/vulnserver/out/9215452092389361146.ffw
INFO:root:Using: TCP
INFO:root:DebugServer: Start Server
DEBUG:root:START: ['/home/y1026/ffw/vulnserver/bin/vulnserver_asan', '21000']
INFO:root:Attach <PtraceProcess #30140> to debugger
INFO:root:Set <PtraceProcess #30140> options to 1
Listening on port: 20000
INFO:root:Server PID: 30140
INFO:root:DebugServer: Waiting for process event
INFO:root:Verifier: Server pid: 30140
INFO:root:Verifier: Server Port: 20000
Check if we can connect to server
INFO:root:Verifier: Sending fuzzed messages
INFO:root:Open connection on localhost:20000
New client connected
New client connected
Received data with len: 1024 on state: 0
Auth success
Received data with len: 1024 on state: 1
INFO:root:DebugServer: Got event: Signal SIGABRT
INFO:root:DebugServer: Event Result: Crash
INFO:root:Get asan output: /home/y1026/ffw/vulnserver/temp/asan.30140
INFO:root:ReceiveData err on msg 3: timed out
INFO:root:Verifier: Wait for crash data
INFO:root:Found ASAN output file. Good.
INFO:root:Quit debugger
WARNING:root:Terminate <PtraceProcess #30140>
INFO:root:Verifier: I've got a crash:
DEBUG:root:debugVerifyCrashData Register : {'gs': '0', 'gs_base': '0', 'rip': '140023069148200', 'r9': '18', 'r15': '140723752272432', 'cs': '51', 'es': '0', 'r13': '1024', 'rcx': '140023069148200', 'rax': '0', 'r14': '1024', 'fs': '0', 'r12': '140723752274800', 'rsi': '30140', 'r10': '8', 'r11': '514', 'orig_rax': '234', 'fs_base': '140023091140480', 'rsp': '140723752271800', 'ds': '0', 'rbx': '140723752272224', 'ss': '43', 'r8': '1', 'rdx': '6', 'rbp': '140723752274624', 'eflags': '514', 'rdi': '30140'}
DEBUG:root:debugVerifyCrashData Backtrace: ['IP=0x00007f59a94c0428: ??? ()', 'IP=0x00007f59a95822c0: ??? ()']
DEBUG:root:debugVerifyCrashData Cause : None
ASANdata: ['=================================================================', '==30140==ERROR: AddressSanitizer: memcpy-param-overlap: memory ranges [0x7ffccd440ac0,0x7ffccd440ec0) and [0x7ffccd440b70, 0x7ffccd440f70) overlap', '#0 0x7f59a98e1662 in __asan_memcpy (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x8c662)', '#1 0x401033 in handleData1 /home/y1026/ffw/vulnserver/vulnserver.c:20', '#2 0x40128a in doprocessing /home/y1026/ffw/vulnserver/vulnserver.c:51', '#3 0x401627 in main /home/y1026/ffw/vulnserver/vulnserver.c:114', '#4 0x7f59a94ab82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)', '#5 0x400ea8 in _start (/home/y1026/ffw/vulnserver/bin/vulnserver_asan+0x400ea8)', '', 'Address 0x7ffccd440ac0 is located in stack of thread T0 at offset 32 in frame', '#0 0x400fa1 in handleData1 /home/y1026/ffw/vulnserver/vulnserver.c:18', '', 'This frame has 1 object(s):', "[32, 40) 'buff' <== Memory access at offset 32 partially overflows this variable", 'HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext', '(longjmp and C++ exceptions *are* supported)', 'Address 0x7ffccd440b70 is located in stack of thread T0 at offset 32 in frame', '#0 0x4010d8 in doprocessing /home/y1026/ffw/vulnserver/vulnserver.c:31', '', 'This frame has 1 object(s):', "[32, 1056) 'data' <== Memory access at offset 32 is inside this variable", 'HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext', '(longjmp and C++ exceptions *are* supported)', 'SUMMARY: AddressSanitizer: memcpy-param-overlap ??:0 __asan_memcpy', '==30140==ABORTING']
Mainline: ['==30140==ERROR:', 'AddressSanitizer:', 'memcpy-param-overlap:', 'memory', 'ranges', '[0x7ffccd440ac0,0x7ffccd440ec0)', 'and', '[0x7ffccd440b70,', '0x7ffccd440f70)', 'overlap']
Traceback (most recent call last):
File "./fuzzing.py", line 102, in <module>
sys.exit(main())
File "./fuzzing.py", line 98, in main
framework.realMain(config)
File "/home/y1026/ffw/vulnserver/../framework.py", line 185, in realMain
v.verifyOutDir()
File "/home/y1026/ffw/vulnserver/../verifier/verifier.py", line 104, in verifyOutDir
self._verifyOutcome(targetPort, outcomeFile)
File "/home/y1026/ffw/vulnserver/../verifier/verifier.py", line 152, in _verifyOutcome
asanVerifyCrashData = asanParser.getAsCrashData()
File "/home/y1026/ffw/vulnserver/../verifier/asanparser.py", line 35, in getAsCrashData
asanData = self.getAsanData()
File "/home/y1026/ffw/vulnserver/../verifier/asanparser.py", line 90, in getAsanData
asanData["faultAddress"] = int(mainLine[8], 16)
ValueError: invalid literal for int() with base 16: '0x7ffccd440f70)'
Hello,
An error occurs after running ffw and after a certain period of time.
Thanks.
OS: Ubuntu 16_04 64bit.
INFO:root:Send pre data:
DEBUG:root: Sending pre message: 0
INFO:root:Send data:
DEBUG:root: Sending fuzzed message: 1
INFO:root:Restart server periodically: 10000
Process Process-1:
Traceback (most recent call last):
File "/usr/lib/python2.7/multiprocessing/process.py", line 258, in _bootstrap
self.run()
File "/usr/lib/python2.7/multiprocessing/process.py", line 114, in run
self._target(*self._args, **self._kwargs)
File "/home/y1026/ffw/vulnserver/../fuzzer/fuzzingslave.py", line 186, in doActualFuzz
serverManager.restart()
File "/home/y1026/ffw/vulnserver/../fuzzer/simpleservermanager.py", line 72, in restart
self.stop()
File "/home/y1026/ffw/vulnserver/../fuzzer/simpleservermanager.py", line 64, in stop
logging.info("Stop server PID: " + str(self.process.pid))
AttributeError: 'NoneType' object has no attribute 'pid'
Hello,
Running honggfuzz mode will result in an error.
I run it by modifying some sources, but it is unstable.
Thanks.
y1026@y1026:~/ffw/vulnserver$ ./fuzzing.py --honggmode --debug
Client Manager
Network Server Manager
Start fuzzing child #0
INFO:root:Setup fuzzing..
INFO:root:Using: TCP
DEBUG:root:Load Corpus file: /home/y1026/ffw/vulnserver/in/data_0.pickle
INFO:root:Load external corpus: /home/y1026/ffw/vulnserver/in/data_0.pickle
DEBUG:root:Starting server/honggfuzz
INFO:root:Starting server/honggfuzz with args: ['/home/y1026/honggfuzz/honggfuzz', '--keep_output', '--sanitizers', '--sancov', '--threads', '1', '--stdin_input', '--socket_fuzzer', '-d', '4', '-l', 'honggfuzz.log', '--', '/home/y1026/ffw/vulnserver/bin/vulnserver_hfuzz', '']
Thread: Iterations CorpusNew CorpusOverall Crashes Fuzz/s
INFO:root:Honggcomm Error, could not connect to honggfuzz socket: [Errno 2] No such file or directory
INFO:root:Honggcomm Error, could not connect to honggfuzz socket: [Errno 2] No such file or directory
INFO:root:Honggcomm Error, could not connect to honggfuzz socket: [Errno 2] No such file or directory
INFO:root:Honggcomm Error, could not connect to honggfuzz socket: [Errno 2] No such file or directory
INFO:root:Honggcomm Error, could not connect to honggfuzz socket: [Errno 2] No such file or directory
INFO:root:Honggcomm Error, could not connect to honggfuzz socket: [Errno 2] No such file or directory
hi dobin:
please How about Explanatory Language FUZZ?
some server is .jar .py how about use ffw fuzz?
this my fuzz python SimpleHTTPServer config, please help me look at:
# name of the software we fuzz
"name": "SimpleHTTPServer",
# which version of the software are we fuzzing (optional)
"version": "1.0",
"use_netnamespace": True,
# additional comment about this project (optional)
"comment": "python httpserver",
# Path to target
"target_bin": "bin/python",
# target arguments
# separate arguments by space
# keywords: ""%(port)i" is the port the server will be started on
"target_args": "-m SimpleHTTPServer",
# the port the server uses
"target_port": 8000,
# how many fuzzing instances should we start
"processes": 2,
# "tcp" or "udp" protocol?
"ipproto": "tcp",
"restart_server_every": 32,
}
use this config run ffw.py --intercept , I send to http GET , stop ffw, but , I don't see .pickle file.
think you.
The current asan parser https://github.com/dobin/ffw/blob/master/verifier/asanparser.py is a complete hack.
Maybe someone else made a complete asan parser in python already?
If not, make it it's own project, add unit-tests.
Hello,
An error occurs after running ffw and after a certain period of time.
Thanks.
OS: Ubuntu 16_04 64bit.
DEBUG:root:A fuzzing loop...
INFO:root:Open connection on localhost:20000
INFO:root: Could not connect! Server is down: [Errno 111] Connection refused
INFO:root:Detected Crash (A)
Process Process-1:
Traceback (most recent call last):
File "/usr/lib64/python2.7/multiprocessing/process.py", line 258, in _bootstrap
self.run()
File "/usr/lib64/python2.7/multiprocessing/process.py", line 114, in run
self._target(*self._args, **self._kwargs)
File "/home/y1026/ffw/vulnserver/../fuzzer/fuzzingslave.py", line 125, in doActualFuzz
srvCrashData = serverManager.getCrashData()
File "/home/y1026/ffw/vulnserver/../fuzzer/simpleservermanager.py", line 126, in getCrashData
if self.process.poll():
AttributeError: 'NoneType' object has no attribute 'poll'
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.