A fork and successor of the Sulley Fuzzing Framework
GPL-2.0 License
Published by SR4ven about 1 year ago
default_value from string to bytes for FromFile.
s_update primitive was out of date.
BitField primitive.
Session.fuzz(name=name).
dep_value argument of Block to bytes and added type checks.
Published by SR4ven over 2 years ago
NETCONFConnection class.
Session arg db_filename to modify the location of the log database.
FuzzableBlock.
Bytes primitive to prevent incorrect use.
s_binary initialization.
Published by SR4ven over 3 years ago
Simple primitive that uses only the specified values for fuzzing.
Float primitive with support for IEEE 754 encoding.
Checksum primitive.
random.
Published by SR4ven over 3 years ago
This release brings some huge memory optimizations as we are now using iterators to generate the test case data. Boofuzz will no longer munch Gigabytes of RAM when fuzzing with large protocol definitions!
Also check out the new object-oriented method for defining protocols here.
Aligned block: Aligns content length to multiple of certain number of bytes.
Checksum, Size, etc. now resolve absolute and relative names. Block and primitive
TestCaseContext object to which one can save data to be used
TestCaseSessionReference can be passed as a default value in a protocol definition. The name
Fuzzable rewrite: Simpler definitions for new fuzz primitives. See static.py for an example of a very simple primitive.
ProcessMonitorLocal allows running procmon as part of fuzzer process.
UnixSocketConnection class.
current_message, previous_message.
Group primitives.
Published by SR4ven almost 4 years ago
Published by SR4ven over 4 years ago
SocketConnection is now deprecated. Use the classes derived from BaseSocketConnection instead.
connections submodule.
SessionInfo has had attributes renamed; procmon_results and netmon_results are deprecated and now aliases for monitor_results and monitor_data respectively.
BoofuzzFailure exception type allows callback methods to signal a failure that should halt the current test case.
capture_output option to process monitor to capture target process stderr/stdout.
FileConnection to dump messages to files.
fuzz_data_logger, log_level, logfile, logfile_level and log().
FuzzLoggerFile.
crc32c is no longer a required package. Install manually if needed.
requests folder to request_definitions because it shadowed the name of the requests python module.
Published by SR4ven almost 5 years ago
s_bytes which fuzzes an arbitrary length binary value (similar to s_string).
Black for code style standardization.
s_group primitive was not accepting empty default value.
examples/fuzz-ssl-server.py and examples/fuzz-ssl-client.py.
boo open.
fuzz_logger_curses.
sudo is no longer recommended, use the --user option of pip instead.
ignore_connection_ssl_errors session attribute that can
s_from_file decoding in Python 2 (the encoding parameter is now deprecated).
s_checksum. It is possible to use a custom algorithm with this block.
Published by jtpereyda over 5 years ago
console_gui to enable it.
keep_web_open to allow analyzing the test results after test completion.
taskkill -F if taskkill fails.
Published by jtpereyda over 5 years ago
restart_callbacks, pre_send_callbacks, and post_test_case_callbacks to hand over custom callback functions.
fuzz_db_keep_only_n_pass_cases. This allows saving only n test cases preceding a failure or error to the database.
Published by jtpereyda over 5 years ago
Target recv function now accepts a max_recv_bytes argument.
Published by jtpereyda almost 6 years ago
Published by jtpereyda about 6 years ago
boo open command can open and inspect saved database log files.
REQUESTS map available in top level boofuzz package.
Published by jtpereyda about 6 years ago
Session parameter receive_data_after_fuzz. Controls whether to execute a receive step after sending
Published by jtpereyda about 6 years ago
FuzzLoggerDB
Session.open_test_run() to read test results database from previous test run.
Session.feature_check() method to verify protocol functionality before fuzzing.
proc_name to support asynchronously started target processes.
post_send() is called, reducing redundant error messages.
Target open() and close() operations are now logged.
callback methods.
Session & Connection Options
Session receive_data_after_each_request option to enable disabling of data receipt after messages are sent.
Session skip argument replaced with index_start and index_end.
Session now has separate crash thresholds for elements/blocks and nodes/messages.
SocketConnection separate timeouts for send()/recv().
Target.recv() now has a default max_bytes value.
DEFAULT_PROCMON_PORT constant.
Session.post_send()'s sock parameter now deprecated (use target instead).
BitField blocks with ASCII format reported incorrect sizes.
s_update.
get_max_udp_size() was crashing in Windows.
String padding was not always being applied.
String was not accepting unicode strings in value parameter.
String was skipping valid mutations and reporting wrong num_mutations() when size parameter was used.
BitField.
Published by jtpereyda over 6 years ago
fuzz_by_name and fuzz_single_node_by_path
fuzz_single_case
Published by jtpereyda almost 7 years ago
check_data_received_each_request to False to disable receive after send.
Published by jtpereyda almost 7 years ago
Published by jtpereyda about 7 years ago
s_size is now fuzzable by default.
Published by jtpereyda over 7 years ago
--help parameter to process monitor.
procmon and procmon_options in constructor.
--crash_bin optional (as documented).
Published by jtpereyda over 7 years ago
with s_block("my-block"):