Trouble understanding fuzzing with callbacks #579
I want to fuzz a lower layer protocol. I need the contents of the response in my further fuzzing logic. Therefore I need a callback that parses the answer out from the first response and uses that data for further fuzzing. Simple challenge response system. How can I do it?

```python
from boofuzz import *  # assumed import; `session` is the Session object created earlier in the script


def check_auth(target, fuzz_data_logger, session, *args, **kwargs):
    answer = target.recv(1024)
    if answer == 'good':
        answer_value = answer[5:]
        # proceed fuzzing with answer_value
        # how can we do it?
        # like this?
        s_initialize('msg2_withAnswer')
        s_static(answer_value)
        s_byte(0xab, fuzzable=True)
        session.connect(s_get('msg2_withAnswer'))


s_initialize('msg1')
s_static(some_data)  # fixed payload of the first message
s_byte(0xab, fuzzable=True)
session.connect(s_get('msg1'), callback=check_auth)
```
Answered by
cq674350529
Jul 22, 2019
Replies: 1 comment
@NikolaiT As far as I know, you can do it like this.

```python
from boofuzz import *  # assumed import; `session` is the Session object created earlier in the script


def callback(target, fuzz_data_logger, session, node, edge, *args, **kwargs):
    answer = target.recv(1024)
    if answer == 'good':
        answer_value = answer[5:]
        # proceed fuzzing with answer_value
        # you can get almost anything you have defined via the `node` parameter, and maybe the `session` parameter
        node.names['answer']._value = answer_value  # update the value
        return node.render()


s_initialize('msg1')
s_static("aaa", name="answer")  # to get this primitive easily later
s_byte(0xab, fuzzable=True)
session.connect(s_get('msg1'), callback=callback)  # register the callback defined above
```

I used to do it this way, but I'm not sure if it's an elegant way.
0 replies
Answer selected by
SR4ven
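The pattern from the accepted answer, written out as an added example that is not part of the discussion or of the boofuzz project. It assumes a hypothetical wire format in which the first reply is `b"good:<token>"`, keeps the callback signature the answer uses, and puts the response parsing in its own function so the cases a real `recv()` produces (peer closed, `str` instead of `bytes` on Python 2 sockets, a reply without the expected prefix) are handled instead of silently sending garbage. `FakeTarget`, `FakeLogger`, `FakeStatic` and `FakeRequest` are constructed stand-ins that mirror only the attributes the callback touches (`recv`, `log_info`, `names[...]._value`, `render()`); they are not the boofuzz API, they just let the callback run offline.

```python
from typing import Optional

# Assumed (hypothetical) protocol: the peer answers the first message with b"good:<token>".
CHALLENGE_PREFIX = b"good:"


def parse_challenge(answer) -> Optional[bytes]:
    """Return the token that follows the prefix, or None if the reply is unusable.

    Handles empty data (peer closed the connection), str instead of bytes
    (Python 2 sockets), a reply without the prefix, and a prefix with no token.
    """
    if not answer:
        return None
    if isinstance(answer, str):  # normalise so slicing behaves the same on 2 and 3
        answer = answer.encode("latin-1")
    if not answer.startswith(CHALLENGE_PREFIX):
        return None
    token = answer[len(CHALLENGE_PREFIX):]
    return token or None


def check_auth(target, fuzz_data_logger, session, node, edge, *args, **kwargs):
    """Edge callback in the shape the accepted answer uses.

    Reads the first reply, extracts the token and writes it into the primitive
    named 'answer' before the node is rendered; if the reply is unusable the
    node is sent unchanged and the fact is logged, so a dead peer is visible.
    """
    token = parse_challenge(target.recv(1024))
    if token is None:
        fuzz_data_logger.log_info("no usable challenge in reply; sending node unchanged")
        return node.render()
    fuzz_data_logger.log_info("challenge token: %r" % (token,))
    node.names["answer"]._value = token  # same mechanism as the accepted answer
    return node.render()


# ---- constructed stand-ins so the callback runs without a live target ----
class FakeTarget:
    """Scripted peer: returns one canned reply, then b"" as a closed socket would."""
    def __init__(self, reply):
        self._replies = [reply]

    def recv(self, n):
        return self._replies.pop(0) if self._replies else b""


class FakeLogger:
    """Collects log_info() calls instead of printing them."""
    def __init__(self):
        self.lines = []

    def log_info(self, msg):
        self.lines.append(msg)


class FakeStatic:
    """Stand-in for a static primitive: only the _value attribute is used."""
    def __init__(self, value):
        self._value = value


class FakeRequest:
    """Stand-in for a request node: only names[...] and render() are used."""
    def __init__(self, answer, suffix):
        self.names = {"answer": FakeStatic(answer)}
        self._suffix = suffix

    def render(self):
        return self.names["answer"]._value + self._suffix


def run_once(reply):
    """Drive the callback against one scripted reply; returns (rendered bytes, log lines)."""
    node = FakeRequest(b"aaa", b"\xab")  # 'aaa' placeholder followed by the 0xab byte
    log = FakeLogger()
    data = check_auth(FakeTarget(reply), log, session=None, node=node, edge=None)
    return data, log.lines


if __name__ == "__main__":
    print(run_once(b"good:tok123"))  # token substituted into the 'answer' primitive
    print(run_once(b"denied"))       # no token: node sent unchanged, reason logged
```

The point of separating `parse_challenge` from the callback is that the parsing can be unit-tested against captured replies without a fuzzing session, and the callback never raises on a short or closed response, which would otherwise abort the run instead of being recorded as a finding.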