
Alternative interfaces #93

Open
wants to merge 15 commits into base: sulley_refactor

Conversation

jtpereyda
Contributor

See Issue #92, Feature Proposal: Alternative Interfaces.

Goal:

  • Allow non-socket interfaces (requires abstracting out connection/transmission code so that another object can be swapped in).
  • Add serial interface.
  • Allow basic logging for serial rx/tx data.

Changes:

  • Session class:
    • Refactored out connection and send/recv functionality. This now happens through Target.open(), Target.send(), Target.recv(), Target.close().
    • Added fuzz_data_logger constructor param (see below).
  • Target class:
    • Added open, send, recv, close methods.
    • Added host, port, proto, bind, timeout to constructor parameters.
  • Connection classes:
    • ITargetConnection is the generic interface for connections.
    • SocketConnection is where the existing sockets code went.
    • SerialConnection is self-explanatory.
  • SerialTarget class: Inherits from Target and uses a SerialConnection. Simple class.
  • IFuzzLogger and FuzzLogger define the interface and one implementation for logging sent and received fuzz data.
    • A future implementation could use the pcap format, eliminating the need for a separate network monitor.
    • This is used in the Session class, which calls open_test_case to signal a new mutation, and in the Target class to record sent and received data.

Example:

Here is a complete usage example for throwing data at a serial device. Files will be stored in ./exploration-local-caps/.

#!/usr/bin/env python
from sulley import *
from sulley import sessions
from sulley import serial_target
from sulley import fuzz_logger
import logging

# This file demonstrates how to do basic serial fuzzing with Sulley.

# Fuzz data logger:
logger = fuzz_logger.FuzzLogger(path="exploration-local-caps")

# Serial Target:
target = serial_target.SerialTarget(port=1, baudrate=19200, message_separator_time=.3)

# Session
sess = sessions.Session(session_filename="exploration.session", sleep_time=0.25, log_level=logging.INFO,
                        fuzz_data_logger=logger)
sess.add_target(target)

# Fuzz plan
s_initialize("explore")
s_string("???")
sess.connect(s_get("explore"))

print "Geronimo!"
sess.fuzz()

There is no error detection yet, but it's an important start.
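The connection / Target / fuzz-data-logger split described in this PR, as an added example written for this page rather than Sulley's own code (Python 3, unlike the Python 2 script above). The names taken from the PR description are ITargetConnection, SocketConnection, Target.open/send/recv/close and open_test_case; EchoConnection (a constructed in-memory device so the example runs offline), the logger's record layout, log_send/log_recv and the fuzz() loop are assumptions made here to show how a non-socket transport slots in without the session layer knowing.

```python
# Added example for this page, not Sulley's code. Names taken from the PR text:
# ITargetConnection, SocketConnection, Target.open/send/recv/close, open_test_case.
# EchoConnection, FuzzLogger's record layout and the fuzz() loop are assumptions.
import abc
import socket


class ITargetConnection(abc.ABC):
    """Transport-agnostic interface: Target only ever sees these four calls."""
    @abc.abstractmethod
    def open(self): ...
    @abc.abstractmethod
    def close(self): ...
    @abc.abstractmethod
    def send(self, data): ...          # returns the number of bytes sent
    @abc.abstractmethod
    def recv(self, max_bytes): ...     # returns b"" on timeout


class SocketConnection(ITargetConnection):
    """Where the existing TCP sockets code lands once Session stops owning it."""
    def __init__(self, host, port, timeout=5.0):
        self.host, self.port, self.timeout, self._sock = host, port, timeout, None
    def open(self):
        self._sock = socket.create_connection((self.host, self.port), self.timeout)
    def close(self):
        self._sock.close()
    def send(self, data):
        return self._sock.send(data)
    def recv(self, max_bytes):
        try:
            return self._sock.recv(max_bytes)
        except socket.timeout:
            return b""


class EchoConnection(ITargetConnection):
    """Constructed in-memory stand-in for a serial/socket device so this runs offline:
    echoes payloads back upper-cased; raises OSError on one payload to hit the error path."""
    def __init__(self, fail_on=b"crash"):
        self.fail_on, self._inbox = fail_on, b""
    def open(self): pass
    def close(self): pass
    def send(self, data):
        if data == self.fail_on:
            raise OSError("device stopped responding")
        self._inbox += data.upper()
        return len(data)
    def recv(self, max_bytes):
        out, self._inbox = self._inbox[:max_bytes], self._inbox[max_bytes:]
        return out


class FuzzLogger:
    """One record per test case holding the bytes sent and received."""
    def __init__(self):
        self.cases = []
    def open_test_case(self, name):    # Session calls this once per mutation
        self.cases.append({"name": name, "tx": [], "rx": []})
    def log_send(self, data): self.cases[-1]["tx"].append(data)
    def log_recv(self, data): self.cases[-1]["rx"].append(data)


class Target:
    """Owns a connection plus the fuzz data logger; swapping the connection
    object (socket, serial, echo) changes nothing above this class."""
    def __init__(self, connection, fuzz_data_logger):
        self.connection, self.logger = connection, fuzz_data_logger
    def open(self): self.connection.open()
    def close(self): self.connection.close()
    def send(self, data):
        self.connection.send(data)
        self.logger.log_send(data)
    def recv(self, max_bytes=10000):
        data = self.connection.recv(max_bytes)
        self.logger.log_recv(data)
        return data


def fuzz(target, mutations):
    """Session-style loop: a failed transmission is recorded and the loop moves on."""
    failures = []
    for i, payload in enumerate(mutations):
        target.logger.open_test_case("test case %d" % i)
        try:
            target.open()
            target.send(payload)
            target.recv()
        except OSError as e:
            failures.append((i, str(e)))
        finally:
            target.close()
    return failures


def demo():
    logger = FuzzLogger()
    failures = fuzz(Target(EchoConnection(), logger), [b"ping", b"crash", b"hello"])
    return logger.cases, failures
```

Because Target depends only on the four ITargetConnection methods, a SerialConnection wrapping a serial port would slot in exactly as EchoConnection does, and every byte in either direction still passes through the same logger record for the current test case. The loop deliberately records a transmission failure and continues with the next mutation rather than re-raising, so a single unresponsive device does not end the whole run.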

error_handler(e, "failed transmitting fuzz node", target, sock)
continue
error_handler(e, "failed transmitting fuzz node", target, target)
raise
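Review bot: the new branch ends in `raise` where the old one ended in `continue`, so the first failed transmission now aborts the whole fuzz run instead of being reported through `error_handler` and moving on to the next test case; the author's comment below confirms the `raise` is a leftover debugging change, so it should go back to `continue`. Separately, the fourth argument changed from `sock` to `target`, giving `error_handler(e, "failed transmitting fuzz node", target, target)`; if `error_handler` still expects a socket in that position (for example to close it), its signature should be updated for the connection abstraction rather than passing `target` twice.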
jtpereyda (Contributor Author)

`raise` is a left-behind debugging change.

@jtpereyda
Contributor Author

Testing:
Besides running a test with the serial interface, I verified that the socket interface still works on my Linux box.
