0

我们正在使用boofuzz通过 tcp 协议对远程服务进行模糊测试。模糊器脚本如下。

session = Session(target = Target(connection = SocketConnection(host, port, proto='tcp')))
s_initialize("Test")
s_string("Fuzz", fuzzable = True)
session.connect(s_get("Test"))
session.fuzz()

过了一会儿,我们注意到远程服务崩溃了,但模糊器只是反复尝试重新启动。fuzzer 没有检测到远程服务被关闭并且崩溃的测试用例没有被存储。

[2022-02-02 04:18:42,231]    Test Step: Restarting target
[2022-02-02 04:18:42,231]     Info: Restarting target process using CallbackMonitor
[2022-02-02 04:18:42,231]    Test Step: Cleaning up connections from callbacks
[2022-02-02 04:18:42,231]     Info: Closing target connection...
[2022-02-02 04:18:42,231]     Info: Connection closed.
[2022-02-02 04:18:42,231]     Info: No reset handler available... sleeping for 5 seconds
[2022-02-02 04:18:47,236]     Info: Opening target connection (xxx)...
[2022-02-02 04:18:47,237]     Info: Cannot connect to target; retrying. Note: This likely indicates a failure caused by the previous test case, or a target that is slow to restart.
[2022-02-02 04:18:47,237]    Test Step: Restarting target
[2022-02-02 04:18:47,237]     Info: Restarting target process using CallbackMonitor
[2022-02-02 04:18:47,237]    Test Step: Cleaning up connections from callbacks
[2022-02-02 04:18:47,237]     Info: Closing target connection...
[2022-02-02 04:18:47,237]     Info: Connection closed.
[2022-02-02 04:18:47,237]     Info: No reset handler available... sleeping for 5 seconds
[2022-02-02 04:18:52,243]     Info: Opening target connection (xxx)...
[2022-02-02 04:18:52,244]     Info: Cannot connect to target; retrying. Note: This likely indicates a failure caused by the previous test case, or a target that is slow to restart.

我们如何自定义 boofuzz 脚本,以便:

  1. 我们可以检测到远程服务是否关闭(例如,尝试 tcp connect)?
  2. 我们可以将未截断的崩溃测试用例存储到磁盘吗?
4

1 回答 1

0

如果您不使用监视器,则可以添加一个post_test_case_callbacks来检查服务器是否处于活动状态。这个函数将在每个测试用例之后调用。

post_test_case_callbacks(方法列表)——注册的方法将在每个模糊测试用例之后被调用。默认无。

例如

logger = FuzzLoggerText()
def target_alive(target, fuzz_data_logger, session, sock, *args, **kwargs):
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.connect((host, port))
        logger.log_pass(description="alive")
    except ConnectionRefusedError:
        logger.log_fail(description="Server down")

session = Session(target=Target(SocketConnection(host, int(port))), post_test_case_callbacks=[target_alive])
于 2022-02-08T16:31:17.180 回答