Fwd: Re: [HotFuzz project] fuzzing bonjour on libpurple

Dusan

May 16, 2011, 4:55:33 PM
to hotfuzz...@googlegroups.com
sorry, forgot to add CC :-)

-------- Original Message --------
Subject: Re: [HotFuzz project] fuzzing bonjour on libpurple
Date: Mon, 16 May 2011 22:51:08 +0200
From: Dusan <dusan...@gmail.com>
To: Joel Fernandez <joelfer...@gmail.com>


Yes, that is correct. The agents are truly your agents. They run on the same machines as their applications, which gives them direct access to the applications. As a matter of fact, the agents start the applications and then monitor them. You can also have a client, a server and the hotfuzz in the middle. In that case you need hotfuzz for all three machines. Please note that this is basically how it works with Peach as well (the agents part). Although it is a bit unfortunate that we do not have a separate GUI and installer for agents only.

Cheers,

Dusan

On 16. 5. 2011 22:43, Joel Fernandez wrote:
So you're saying I have to have 2 instances of hotfuzz? One on the client and one on the server?

On Mon, May 16, 2011 at 4:35 PM, Dusan <dusan...@gmail.com> wrote:
Hi Joel,

I think that your problem is with the agents. You need to start your client agent on the client machine (which you did correctly) and your server agent on the server machine. So you need to do 4 things to make it work:

- do not start server agent on the client machine
- run hotfuzz also on the server machine and start the server agent there
- in the hotfuzz configuration (on your client machine) change the address for the server agent to the address of the server machine
- no comments regarding the current user friendliness of the configuration interface :-))

Please give it a try and let us know if it worked. I am quite tired at the moment, so my thinking might not be right.

Cheers,

Dusan


On 16. 5. 2011 18:28, Joel Fernandez wrote:
Here is a quick write-up of my setup. I appreciate the assistance.



On Mon, May 16, 2011 at 11:04 AM, Joel Fernandez <joelfer...@gmail.com> wrote:
My setup is simple so others can reproduce. I have 2 VMs running pidgin with a bonjour profile set up. They can find and comm with no problem. The hotfuzz settings are the ones I mentioned. My problem is that hotfuzz doesn't record any data so I can't fuzz it.


On May 16, 2011, at 10:40 AM, Martin Žember <zem...@gmail.com> wrote:

Where is your bonjour running? On the other machine (192.168.1.5)? Is it the Bonjour Print Services from Apple?

Nice that you are writing a tutorial, it can help others to resolve issues you ran into.

Do you maybe have a draft of it so I could reproduce your configuration?

Martin

On Mon, May 16, 2011 at 4:15 PM, Joel Fernandez <joelfer...@gmail.com> wrote:
Ok, so it's a config problem. I have reconfigured my pidgin app to comm via http proxy IP of 127.0.0.1 port 8080

I've configured hotfuzz as the following (but still don't get to record data), what else could I be doing wrong? Thanks for the assistance.

Client
Proxy IP :127.0.0.1 port 8080
Program : \directory\pidgin.exe

symbols: c:\symbols

Agent IP : 127.0.0.1 port 9001
-----
Server
Target IP 192.168.1.5 port 5298 (bonjour port)
program: \directory\pidgin.exe
symbols: c:\symbols

Agent IP: 127.0.0.1 port 9002

-----+

On Mon, May 16, 2011 at 8:38 AM, Martin Žember <zem...@gmail.com> wrote:
Hi,

so your pidgin.exe starts on your local machine (127.0.0.1) and you
are able to use it. Did you configure it to connect to HotFuzz (which
is listening on 127.0.0.1:5298)? Or does it try to discover the port
through bonjour and connects to 192.168.1.5 (which would skip
HotFuzz)?

Martin

On Mon, May 16, 2011 at 2:10 PM, w0rd <joelfer...@gmail.com> wrote:
> I've been having trouble setting up a recording on hotfuzz. My settings are
> below. Can anyone tell me where I may be going wrong? The application
> starts up and I'm able to use it.
>
> Client
> Proxy IP :127.0.0.1 port 5298
> Program : \director\pidgin.exe
> symbols: c:\symbols
>
> Agent IP : 127.0.0.1 port 9001
> -----
> Server
> Target IP 192.168.1.5 port 5298 (bonjour port)
> program: \directory\pidgin.exe
> symbols: c:\symbols
>
> Agent IP: 127.0.0.1 port 9002
>
> -----
>
> Recording
>
> Iteration count = 2
> protocol port = 5298
> proxy timeout = 10
>
> ====
> Recording window log:
>
> Writing recorded data to config file....
>
> No data were recording during recording faze. this might be caused by
> incorrect config....
>




Alexander W. Miranda

May 16, 2011, 5:04:39 PM
to dusan...@gmail.com, hotfuzz...@googlegroups.com, Joel Fernandez
Well,
That can be the next project.

What is the best approach to develop generation based fuzzing targeting a network application?