s_repeat problem


Young Thomas

Mar 31, 2018, 6:25:01 AM
to boofuzz
I use boofuzz for ICS protocol fuzzing. I need a repeated table for the protocol, but when I use Wireshark to dump the pcap file, I found that the pcap list does not contain the table field. I list my code below; can you give me some advice?

============code====================
# coding: utf8

import boofuzz
from boofuzz import *

'''
Modbus-TCP boofuzz python

'''


def main():
    target_host = '192.168.0.131'
    target_port = 502

    # tcp_connection = SocketConnection(host=target_host, port=target_port, proto='tcp')
    target = Target(
        connection=SocketConnection(target_host, target_port, proto='tcp'))
    #target.netmon = pedrpc.Client('192.168.0.131',502)
    # Define Session
    #handle= open('log1.txt','w+')
    #logger = FuzzLogger(fuzz_loggers=fhandle)
    sess = sessions.Session(
        crash_threshold=600,  # if this threshold is reached, the crashes are treated as a fault
        ignore_connection_aborted=True,
        ignore_connection_reset=True,
        target=target,
        #fuzz_data_logger=logger
        restart_interval=1000,
    )

    s_initialize("modbus_read_coil_memory")
    if s_block_start("modbus_head"):
        # MBAP header: transaction id, protocol id, length, unit identifier
        s_word(0x0000, name='transId', fuzzable=False)
        s_word(0x0000, name='protoId', fuzzable=False)
        s_word(0x0006, endian='>', name='length', fuzzable=False)
        s_byte(0xff, name='unit Identifier', fuzzable=False)
        if s_block_start('modbus_read_coil_memory'):
            # PDU: function code 1 (read coils), start address, quantity
            s_byte(1, name='funcCode read coil memory', fuzzable=False)
            s_word(0, name='start address', endian='>', fuzzable=False)
            s_word(0, name='quantity', endian='>', fuzzable=True)
        s_block_end()
    s_block_end()
    # Repeat the PDU block between 0 and 40 additional times
    s_repeat("modbus_read_coil_memory", min_reps=0, max_reps=40, name='modbus_read_coil_memorys')
    mun = s_mutate()
    print('----------')
    print(mun)
    print('----------')
    sess.connect(sess.root, s_get('modbus_read_coil_memory'))
    sess.fuzz()


if __name__ == '__main__':
    main()


====================================

Joshua Pereyda

Apr 12, 2018, 1:35:01 AM
to boofuzz
Hello,

It looks to me like your script is working.

I see the table appearing in console output when running your script:
[2018-04-11 22:32:24,372] Test Case: 180
[2018-04-11 22:32:24,372]     Info: primitive name: "modbus_read_coil_memorys", type: Repeat, default value:
[2018-04-11 22:32:24,372]     Info: Test case 181 of 181 for this node. 180 of 181 overall.
[2018-04-11 22:32:24,372]   Test Step: Fuzzing Node 'modbus_read_coil_memory'
[2018-04-11 22:32:24,388]     Transmitting 212 bytes: 00 00 00 00 00 06 ff 01 00 00 00 00 01 00 00 00 00 01 00 00 00 00 01 00 00 00 00 01 00 00 00 00 01 00 00 00 00 01 00 00 00 00 01 00 00 00 00 01 00 00 00 00 01 00 00 00 00 01 00 00 00 00 01 00 00 00 00 01 00 00 00 00 01 00 00 00 00 01 00 00 00 00 01 00 00 00 00 01 00 00 00 00 01 00 00 00 00 01 00 00 00 00 01 00 00 00 00 01 00 00 00 00 01 00 00 00 00 01 00 00 00 00 01 00 00 00 00 01 00 00 00 00 01 00 00 00 00 01 00 00 00 00 01 00 00 00 00 01 00 00 00 00 01 00 00 00 00 01 00 00 00 00 01 00 00 00 00 01 00 00 00 00 01 00 00 00 00 01 00 00 00 00 01 00 00 00 00 01 00 00 00 00 01 00 00 00 00 01 00 00 00 00 01 00 00 00 00 01 00 00 00 00 b'\x00\x00\x00\x00\x00\x06\xff\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00'
[2018-04-11 22:32:24,388]     Info: 212 bytes sent
[2018-04-11 22:32:24,388]   Test Step: Calling post_send function:
[2018-04-11 22:32:24,388]     Info: No post_send callback registered.
[2018-04-11 22:32:24,388]   Test Step: Sleep between tests.
[2018-04-11 22:32:24,388]     Info: sleeping for 0.000000 seconds

You can see that "modbus_read_coil_memorys" is indeed being modified.

It may be that Wireshark is not showing what you expect (?). Does that help? If you're still wondering, it might help if you post exactly what you're seeing in Wireshark and what you expect to see. Cheers!
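
An added example, not part of either poster's message and not boofuzz code: it splits the 212-byte test case from the log above into the MBAP header and the 5-byte read-coils blocks, counts the copies appended by s_repeat, and compares the static `length` field with the bytes actually sent. The names `analyze_frame` and `SAMPLE` are hypothetical, and the sample bytes are reconstructed from the "Transmitting 212 bytes" log line.

```python
import struct

MBAP_LEN = 7                  # transId(2) + protoId(2) + length(2) + unit id(1)
PDU = struct.Struct(">BHH")   # funcCode, start address, quantity (the repeated block)

# Reconstructed from the log line in this thread: header + 41 identical blocks.
SAMPLE = bytes.fromhex("000000000006ff") + bytes.fromhex("0100000000") * 41


def analyze_frame(payload):
    """Split one rendered test case into its MBAP header and repeated PDU blocks."""
    if len(payload) < MBAP_LEN:
        raise ValueError("payload is shorter than an MBAP header")
    trans_id, proto_id, declared_len, unit_id = struct.unpack(
        ">HHHB", payload[:MBAP_LEN])
    body = payload[MBAP_LEN:]
    whole, leftover = divmod(len(body), PDU.size)
    blocks = [PDU.unpack_from(body, i * PDU.size) for i in range(whole)]
    # The MBAP length field counts the unit id plus every PDU byte after it.
    actual_len = 1 + len(body)
    return {
        "unit_id": unit_id,
        "declared_length": declared_len,
        "actual_length": actual_len,
        "length_matches": declared_len == actual_len,
        "blocks": blocks,
        # The first block is the original; the rest were appended by s_repeat.
        "repeats": max(whole - 1, 0),
        "trailing_bytes": leftover,
    }


if __name__ == "__main__":
    info = analyze_frame(SAMPLE)
    print("blocks appended by s_repeat:", info["repeats"])
    print("declared length:", info["declared_length"],
          "actual length:", info["actual_length"])
    if not info["length_matches"]:
        print("length field does not cover the repeated blocks; a parser that "
              "trusts it will end the first frame after one block")
```
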

Young Thomas

Apr 17, 2018, 10:28:08 PM
to boofuzz
I have tested it, but I am still confused about s_repeat.