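boofuzz problem with large s_bytes value

Problem description

I am using boofuzz to fuzz a specific function in my application. The block I created for my fuzz vector looks like this: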

with s_block("getpasswd"):
    s_byte(0, name="usID", fuzzable=False)
    s_bytes(value=bytes([0x00, 0x00, 0x00]), name="dataChoose", size=16, max_len=16, fuzzable=False)  # THIS IS 16 BYTES
    s_byte(0, name="paswd", fuzzable=False)
    s_byte(0, name="2fA", fuzzable=False)
    s_word(0x0000, name="subData", fuzzable=True)
    s_bytes(value=bytes([0x00] * 170), name="hashOfPswd", size=170, max_len=170, fuzzable=False)

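My fuzzing code ran fine until I changed the size of hashOfPswd to 170 (as you can see). Initially it was 50 and there was no problem, but after looking at the function I want to fuzz, this is the size, so I have to set it to 170. When I do this, I get the following error: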

[2021-05-21 15:47:54,825]       Check Failed: Target connection reset.
[2021-05-21 15:47:54,836]     Error!!!! A custom post_send callback function raised an uncought error.
                              Traceback (most recent call last):
                                File "C:\Users\chxenofo\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.8_qbz5n2kfra8p0\LocalCache\local-packages\python38\site-packages\boofuzz\connections\tcp_socket_connection.py",line 98,in recv
                                  data = self._sock.recv(max_bytes)
                              TimeoutError: [WinError 10060] A connection attempt Failed because the connected party did not properly respond after a period of time,or established connection Failed because connected host has Failed to respond

                              During handling of the above exception,another exception occurred:

                              Traceback (most recent call last):
                                File "C:\Users\chxenofo\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.8_qbz5n2kfra8p0\LocalCache\local-packages\python38\site-packages\boofuzz\sessions.py",line 1272,in transmit_fuzz
                                  self.last_recv = self.targets[0].recv()
                                File "C:\Users\chxenofo\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.8_qbz5n2kfra8p0\LocalCache\local-packages\python38\site-packages\boofuzz\sessions.py",line 172,in recv
                                  data = self._target_connection.recv(max_bytes=max_bytes)
                                File "C:\Users\chxenofo\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.8_qbz5n2kfra8p0\LocalCache\local-packages\python38\site-packages\boofuzz\connections\tcp_socket_connection.py",line 109,in recv
                                  raise_(exception.boofuzzTargetConnectionReset(),None,sys.exc_info()[2])
                                File "C:\Users\chxenofo\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.8_qbz5n2kfra8p0\LocalCache\local-packages\python38\site-packages\future\utils\__init__.py",line 440,in raise_
                                  raise exc.with_traceback(tb)
                                File "C:\Users\chxenofo\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.8_qbz5n2kfra8p0\LocalCache\local-packages\python38\site-packages\boofuzz\connections\tcp_socket_connection.py",in recv
                                  data = self._sock.recv(max_bytes)
                              boofuzz.exception.boofuzzTargetConnectionReset

                              During handling of the above exception,line 1568,in _fuzz_current_case
                                  self.transmit_fuzz(target,self.fuzz_node,path[-1],callback_data=callback_data)
                                File "C:\Users\chxenofo\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.8_qbz5n2kfra8p0\LocalCache\local-packages\python38\site-packages\boofuzz\sessions.py",line 1275,in transmit_fuzz
                                  raise boofuzzFailure(message=constants.ERR_CONN_RESET)
                              boofuzz.exception.boofuzzFailure

                              During handling of the above exception,another exception occurred:

                              Traceback (most recent call last):
                                File "C:\Users\chxenofo\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.8_qbz5n2kfra8p0\LocalCache\local-packages\python38\site-packages\boofuzz\monitors\callback_monitor.py",line 67,in post_send
                                  f(target=target,fuzz_data_logger=fuzz_data_logger,session=session,sock=target)
                                File "C:\Users/chxenofo/common/py_tests\Fuzzer.py",line 169,in postCallback
                                  if returnCode.hex() != "55":
                              AttributeError: 'nonetype' object has no attribute 'hex'

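This is a chain of exceptions inside the boofuzz library. I suspect tcp_socket_connection.py, but that is a bit odd, because normally TCP sockets allow up to 1 GB of data.

Does anyone know how to create a block like this with a fuzz vector of this size and run it properly? Or maybe I should change it so that it runs properly? Thanks in advance.

Solution

It seems that a NoneType check is missing in your custom postCallback function.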

https://github.com/jtpereyda/boofuzz/issues/519#issuecomment-849074553
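
A sketch of the None check the answer refers to, as an added example that is not code from the original post or from boofuzz. It assumes the callback takes the reply from session.last_recv and that the first byte of the reply is the return code; check_return_code, RecordingLogger and run_demo are hypothetical names, and the replies are constructed sample data.

```python
import types

EXPECTED_CODE = 0x55  # success byte the asker's callback compares against ("55")


def check_return_code(data):
    """Classify a reply; `data` may be None or empty when the target sent nothing."""
    if not data:
        return False, "no reply from target (timeout or connection reset)"
    code = data[0]  # assumption: first byte of the reply is the return code
    if code != EXPECTED_CODE:
        return False, "unexpected return code 0x%02x" % code
    return True, "return code 0x55"


def post_callback(target, fuzz_data_logger, session, *args, **kwargs):
    """post_test_case callback: log a verdict instead of raising on None."""
    reply = getattr(session, "last_recv", None)  # assumption: reply source
    ok, message = check_return_code(reply)
    if ok:
        fuzz_data_logger.log_pass(message)
    else:
        fuzz_data_logger.log_fail(message)
    return ok


class RecordingLogger:
    """Constructed stand-in for boofuzz's fuzz_data_logger (demo only)."""

    def __init__(self):
        self.events = []

    def log_pass(self, description=""):
        self.events.append(("pass", description))

    def log_fail(self, description=""):
        self.events.append(("fail", description))


def run_demo():
    """Feed constructed replies through the callback, including the None case."""
    logger = RecordingLogger()
    for reply in (b"\x55\x00", b"\x13", b"", None):
        session = types.SimpleNamespace(last_recv=reply)
        post_callback(target=None, fuzz_data_logger=logger, session=session, sock=None)
    return [kind for kind, _ in logger.events]


if __name__ == "__main__":
    print(run_demo())
```

With the check in place, a missing reply is recorded as a failed test case for that mutation rather than surfacing as an AttributeError inside the callback.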
