Hi,
I am looking for examples of file format fuzzing with boofuzz and/or want to know if it can be used for file based fuzzing.
I started writing some code this purpose. I implemented a custom class ExecuteFileConnection(itarget_connection.ITargetConnection) that overrides boofuzz.itarget_connection Class methods. Currently my code is just printing out fuzz data. I want to save the fuzz data to a file since my program reads from a file.
Here is a copy of my program:
#!/usr/bin/env python
# Designed for use with boofuzz v0.0.8
from boofuzz import *
import time
from boofuzz import itarget_connection
import subprocess
class ExecuteFileConnection(itarget_connection.ITargetConnection):
def __init__(self, executable_path):
print('*** init')
self.executable_path=executable_path
self.proc=None
def close(self):
print('*** close')
if self.proc and self.proc.poll():
self.proc.kill()
def open(self):
print('*** open')
pass
def recv(self, max_bytes):
print('*** recv')
if self.proc:
while self.proc.poll() == None:
# p.subprocess is alive
time.sleep(1)
o,e = self.proc.communicate()
return o
def send(self, data):
print('*** send: {}'.format(data))
@property
def info(self):
return self.executable_path
def recordlength(str):
return str
def main():
session = Session(
target=Target(
connection=ExecuteFileConnection("lz4")))
s_initialize("lz4_frame")
s_static("\x04\x22\x4D\x18")
s_bit_field(0,name="Dict_ID",width=1,fuzzable="True")
s_bit_field(0,name="Reserved",width=1,fuzzable="True")
s_bit_field(0,name="Content_checksum_flag",width=1,fuzzable="True")
s_bit_field(0,name="Content_size_flag",width=1,fuzzable="True")
s_bit_field(0,name="Block_checksum_flag",width=1,fuzzable="True")
s_bit_field(0,name="Block_independence_flag",width=1,fuzzable="True")
s_bit_field(0,name="Version_Number",width=2,fuzzable="True")
s_bit_field(0,name="Reserved1",width=4,fuzzable="True")
s_bit_field(0,name="Block_MaxSize",width=3,fuzzable="True")
s_bit_field(0,name="Reserved2",width=1,fuzzable="True")
s_byte(0,name="Checksum",fuzzable="True")
s_size("data", length=4, endian="<",fuzzable="True")
s_string("data")
session.connect(s_get("lz4_frame"))
request = s_get("lz4_frame")
session.fuzz()
if __name__ == "__main__":
main()
Any help with this is highly appreciated.
Thank you,
Chandni Bhowmik