Hi all,
First of all, nice work on forking Sulley! It was surely needed, and I hope (and look forward) to help and contribute to this project.
I'm new to boofuzz (or Sulley, for that matter), and thus I'm reading the classic Sulley Manual [1] to grasp the basics.
I got really intrigued by some design decisions so far, but one really got me: what is the use of s_group? I'm talking about the "Groups" concept, under "Blocks" on [1].
From [1], the example use is:
# import all of Sulley's functionality.
from sulley import *
# this request is for fuzzing: {GET,HEAD,POST,TRACE} /index.html HTTP/1.1
# define a new block named "HTTP BASIC".
s_initialize("HTTP BASIC")
# define a group primitive listing the various HTTP verbs we wish to fuzz.
s_group("verbs", values=["GET", "HEAD", "POST", "TRACE"])
# define a new block named "body" and associate with the above group.
if s_block_start("body", group="verbs"):
    # break the remainder of the HTTP request into individual primitives.
    s_delim(" ")
    s_delim("/")
    s_string("index.html")
    s_delim(" ")
    s_string("HTTP")
    s_delim("/")
    s_string("1")
    s_delim(".")
    s_string("1")
    # end the request with the mandatory static sequence.
    s_static("\r\n\r\n")
# close the open block, the name argument is optional here.
s_block_end("body")
And we can read:
"(...) When this defined request is loaded into a Sulley session, the fuzzer will generate and transmit all possible values for the block "body", once for each verb defined in the group."
So, basically, what's the advantage (or need) for this concept? Is it any different than:
(...)
for verb in ["GET", "HEAD", "POST", "TRACE"]:
    s_string(verb, fuzzable=False)
    # break the remainder of the HTTP request into individual primitives.
    s_delim(" ")
    s_delim("/")
    s_string("index.html")
    s_delim(" ")
    s_string("HTTP")
    s_delim("/")
    s_string("1")
    s_delim(".")
    s_string("1")
    # end the request with the mandatory static sequence.
    s_static("\r\n\r\n")
# close the open block, the name argument is optional here.
s_block_end("body")
? Maybe I'm missing something, and if so, I'm sorry for that... But I'm just trying to understand the framework.
Best Regards,
Bruno Melo.
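
An added illustration, not part of the original post and not Sulley or boofuzz code: a simplified pure-Python model of the behaviour the manual quote describes, set beside a definition-time for loop that wraps the whole request line. The fuzz values, the one-primitive-at-a-time scheduler and all function names are assumptions made for this sketch.

```python
from itertools import chain

# Constructed stand-ins for a fuzz library; a real fuzzer's lists are far larger.
FUZZ_STRINGS = ["A" * 16, "%n%n"]
FUZZ_DELIMS = ["", "//"]

# (default value, mutations) pairs modelling the primitives inside block "body".
BODY = [(" ", FUZZ_DELIMS), ("/", FUZZ_DELIMS), ("index.html", FUZZ_STRINGS),
        (" ", FUZZ_DELIMS), ("HTTP", FUZZ_STRINGS), ("/", FUZZ_DELIMS),
        ("1", FUZZ_STRINGS), (".", FUZZ_DELIMS), ("1", FUZZ_STRINGS),
        ("\r\n\r\n", [])]  # static terminator: never mutated
VERBS = ["GET", "HEAD", "POST", "TRACE"]


def mutations(prims):
    """Yield one rendered test case per mutation, changing one primitive at a time."""
    defaults = [default for default, _ in prims]
    for i, (_, fuzz) in enumerate(prims):
        for value in fuzz:
            yield "".join(defaults[:i] + [value] + defaults[i + 1:])


def group_cases():
    """Block tied to a group: every body mutation is replayed once per verb."""
    return [verb + case for verb in VERBS for case in mutations(BODY)]


def loop_cases():
    """Definition-time loop: four static verbs and four bodies in ONE request."""
    prims = list(chain.from_iterable([(verb, [])] + BODY for verb in VERBS))
    return list(mutations(prims))


if __name__ == "__main__":
    # Group model: separate requests, each carrying exactly one verb.
    print(repr(group_cases()[0]), repr(group_cases()[-1]))
    # Loop model: every test case is one message holding all four request lines.
    print(repr(loop_cases()[0]))
```

In this model both definitions produce the same number of test cases; what differs is that the group version sends each mutation as its own request under each verb, while the loop runs once when the request is defined and so describes a single message containing all four verbs.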