s_render and s_mutate


I C

Apr 27, 2021, 4:22:16 AM
to boofuzz
Hello,

Sometimes, I use boofuzz to generate the fuzzed data but I send them using another library (for example websocket, or, for lower level stuff, Scapy).
For this I used s_render and s_mutate. It seems, however, that they have been removed in the current version. Is there still a way to do that using 0.3.0.0?

Thank you

I C

Jun 10, 2021, 11:26:49 AM
to boofuzz
Hello,

I've not found yet how to do what I used to do with s_render and s_mutate.
I've seen that I can use s_get("request").render() to display the request but I've not found yet how to mutate inside the request to get all the different mutation values.

My previous code:

s_initialize(name="Request")
blocks

while s_mutate(): 
    send(s_render())

What I have for now in boofuzz 0.3.0.0:

s_initialize(name="Request")
blocks

r=s_get("Request")

(here I miss a way to mutate the request to get the different possibilities)

send(r.render())

Any idea?

Thank you

joshua.t...@gmail.com

Jun 10, 2021, 5:59:11 PM
to boofuzz
I C,
My apologies for the delay. It took a little digging around in the git logs, but it was removed in this commit https://github.com/jtpereyda/boofuzz/commit/9d777341d1423a29ef2b4c9668e3c54ec73ad1b0 which is from PR 422 https://github.com/jtpereyda/boofuzz/pull/422

I can't remember exactly why I removed these, but it probably had to do with the mutation mechanism now being much more stateless.

You should be able to approximate s_mutate and s_render with something like:

for mutations in r.mutate():
    mutation_context = MutationContext(mutations=mutations, message_path=[])
    data = r.render(mutation_context)

I haven't tested this, but it should more or less do the trick. If it does work, we can also clean up the interface a bit (e.g. the message_path arg could be optional).

You may also find the FileConnection class helpful (file_connection.py). I just now realized it doesn't seem to be in the docs yet.

Let me know if that works -- if not I can pull up a test script and see if I missed anything.

Happy fuzzing,

Joshua

joshua.t...@gmail.com

Jun 10, 2021, 6:05:05 PM
to boofuzz
s_render and s_mutate could technically be re-added. They would have to access some global state, but it would be nice to have the same backwards-compatible interface. If anybody wants to make a PR, feel free!

I C

Jun 11, 2021, 5:20:47 AM
to boofuzz
Thanks for your help! I'll take a look at the FileConnection class.

I tried your code and I get the following error:
AttributeError: 'Request' object has no attribute 'mutate'

Maybe I need to import something?

For the moment, my code is:
from boofuzz import *
from boofuzz.mutation import Mutation
from boofuzz.mutation_context import MutationContext

s_initialize(name="Request")
s_string("ttest", name='test')

r=s_get("Request")
for mutations in r.mutate():
...     mutation_context = MutationContext(mutations=mutations, message_path=[])
...     data = r.render(mutation_context)

joshua.t...@gmail.com

Jun 11, 2021, 12:46:10 PM
to boofuzz
My bad, that should be .get_mutations().

from boofuzz import *
from boofuzz.mutation import Mutation
from boofuzz.mutation_context import MutationContext

s_initialize(name="Request")
s_string("ttest", name='test')

r=s_get("Request")
for mutations in r.get_mutations():
    mutation_context = MutationContext(mutations=mutations, message_path=[])
    data = r.render(mutation_context)
    print(data)

I C

Jun 15, 2021, 11:07:53 AM
to boofuzz
Hello,

Sorry, I didn't have time to retest before today.

I get the following error when I run this:
Traceback (most recent call last):
  File "<stdin>", line 2, in <module>
TypeError: __init__() got an unexpected keyword argument 'mutations'

Joshua Pereyda

Jun 15, 2021, 11:29:08 AM
to I C, boofuzz
Is that the full stack trace? Line 2 seems weird since that would be an import.

Also, I ran that code off the latest commit on the master branch, so if you’re working off a release that might be it.


I C

Jun 15, 2021, 12:16:14 PM
to boofuzz
Yes, it's the full trace. I ran the code in the Python 3.8.5 interpreter, that's why it's indicating line 2.

I'm working from release 0.3.0.0, I'll try from the last master commit then, thank you.

Young Thomas

Nov 10, 2023, 3:57:22 AM
to I C, boofuzz
Hello, sorry to reply late. I have not renewed the boofuzz for modbus for many years. I want to rebuild the modbus boofuzz module for the boofuzz suite. If I do the real work, I will reply to you.

On Wed, Jun 16, 2021 at 00:16, I C <iche...@gmail.com> wrote: