    Joshua Pereyda
    @jtpereyda
    keep us posted if you end up implementing : )
    For anyone watching, there is a discussion going on about how to implement relative path references (for blocks that reference other blocks, e.g. Checksum, Size) here: https://github.com/jtpereyda/boofuzz/pull/458#discussion_r482184823
    input welcome
    Maximilian Lindner
    @SR4ven
    @tg57643103_twitter repeating blocks during fuzzing is already possible with s_repeat
    See https://github.com/jtpereyda/boofuzz/blob/350dd447513a534b4643545c15b7449348302af8/request_definitions/http_header.py#L274
    nurajbihari
    @nurajbihari
    Hello, I'm trying to create a UDP socket connection to listen for when a client connects
    I created the following, but as soon as I run the program, it closes
    I would like for the udp connection to wait for any client requests
    This is my code
    from boofuzz import *

    targetIP = "127.0.0.1"

    def main():
        session = Session(target=Target(connection=UDPSocketConnection(targetIP, 27015, bind=True)))
        while True:
            clientIP = session.info()
            receivedData = session.recv(128*1024)
            requestType = checkRequestType(receivedData)
            if requestType == "INFO":
                response = createINFOReply()
            elif requestType == "PLAYER":
                response = createPLAYERReply()
                print("[+] Payload sent!")
            else:
                response = 'nope'
            session.send(response)
            yield data
    nurajbihari
    @nurajbihari
    Please Help!
    Joshua Pereyda
    @jtpereyda
    @nurajbihari the type of the bind arg is a host and port tuple. See the docstring here https://boofuzz.readthedocs.io/en/latest/user/connections.html#udpsocketconnection
    nurajbihari
    @nurajbihari
    @jtpereyda so it would be like this then correct? Sorry, I'm also learning python
    session = Session(target=target(connection=UDPSocketConnection(targetIP, port, bind(tuple(self.targetIP, self.port)))))

    targetIP="127.0.0.1"
    port="27015"

    def main():
        session = Session(target=target(connection=UDPSocketConnection(targetIP, port, bind(tuple(self.targetIP, self.port)))))
        while True:
            clientIP=session.info()
            receivedData = session.recv(128*1024)
            requestType = checkRequestType(receivedData)
            if requestType == "INFO":
                response = createINFOReply()
            elif requestType == "PLAYER":
                response = createPLAYERReply()
                print("[+] Payload sent!")
            else:
                response = 'nope'
            session.send(response)
            yield data

    Joshua Pereyda
    @jtpereyda

    without checking all your code, the syntax for passing a tuple would be
    instead of where you had in the original code:

    bind=True

    you might have

    bind=(self.targetIP, self.port)

    or something like that

    I'd recommend Googling Python tuples if you have a minute -- they're not that hard and they come up a lot in Python
    nurajbihari
    @nurajbihari
    Ok I will thank you
    I also just wanted to make sure what I'm trying to do is feasible with boofuzz
    @jtpereyda is it possible to make this script act as a server and when the client requests packets, I could reply back with fuzzed data?
    All of the scenarios online show client to server demonstrations and not the other way around
    Joshua Pereyda
    @jtpereyda
    yeah fuzzing a server and therefore acting like a client is the most typical use case... there is a server approach but I haven't used it recently
    the doc I linked above should talk about it a bit
    nurajbihari
    @nurajbihari
    Okay, thank you sir!
    Joshua Pereyda
    @jtpereyda
    but yeah you need to use the special server argument for the UdpSocketConnection class
    :thumbsup:
    Katharina Bogad
    @mistressofjellyfish
    IIRC there also was a testcase regarding this server approach, you might wanna look at those
    meh I was wrong
    should've written those
    nurajbihari
    @nurajbihari
    I wish there was! I'm gonna try and see how far I can get
    nurajbihari
    @nurajbihari
    Okay, I made some progress, but I'm getting a crash
    [2020-09-09 17:28:12,998] Test Step: Contact target monitors
    [2020-09-09 17:28:12,998] Test Step: Cleaning up connections from callbacks
    [2020-09-09 17:28:12,998] Check OK: No crash detected.
    [2020-09-09 17:28:12,998] Info: Closing target connection...
    [2020-09-09 17:28:12,998] Info: Connection closed.
    [2020-09-09 17:28:12,998] Test Case: 148: info.no-name.148
    [2020-09-09 17:28:13,014] Info: Type: String. Default value: 'Avins-Server'. Case 148 of 1441 overall.
    [2020-09-09 17:28:13,014] Info: Opening target connection (192.168.119.137:27015)...
    [2020-09-09 17:28:13,029] Info: Connection opened.
    [2020-09-09 17:28:13,029] Test Step: Monitor CallbackMonitor#107087304[pre=[],post=[],restart=[],post_start_target=[]].pre_send()
    [2020-09-09 17:28:13,029] Test Step: Fuzzing Node 'info'
    [2020-09-09 17:28:13,029] Info: Sending 65604 bytes...
    [2020-09-09 17:28:13,029] Error!!!! Unexpected exception! Traceback (most recent call last):
    File "c:\python27-x64\lib\site-packages\boofuzz\sessions.py", line 805, in _main_fuzz_loop
    self._fuzz_current_case(*fuzz_args)
    File "c:\python27-x64\lib\site-packages\boofuzz\sessions.py", line 1568, in _fuzz_current_case
    self.transmit_fuzz(target, self.fuzz_node, path[-1], callback_data=callback_data)
    File "c:\python27-x64\lib\site-packages\boofuzz\sessions.py", line 1251, in transmit_fuzz
    self.targets[0].send(data)
    File "c:\python27-x64\lib\site-packages\boofuzz\sessions.py", line 203, in send
    num_sent = self._target_connection.send(data=data)
    File "c:\python27-x64\lib\site-packages\boofuzz\connections\udp_socket_connection.py", line 125, in send
    num_sent = self._sock.sendto(data, (self.host, self.port))
    error: [Errno 10040] A message sent on a datagram socket was larger than the internal message buffer or some other network limit, or the buffer used to receive a datagram into was smaller than the datagram itself
    Katharina Bogad
    @mistressofjellyfish
    yeah your UDP packet has a maximum size and 65604 bytes is probably larger
    it'd be interesting why this happens as packets should get truncated to fit
    do you by any chance know what your connection reports as max_payload()?
    Maximilian Lindner
    @SR4ven
    I think the UDP length bug was fixed some time ago in #444
    But there was no release to pypi since
    Joshua Pereyda
    @jtpereyda
    ah then @nurajbihari you'll want to install from source
    nurajbihari
    @nurajbihari
    Looking at it thanks
    I'm actually still having issues with setting up a udp connection.
    The documentation says that I can't have a bind and also server enabled for udp connection / server side fuzzing
    how am I to fuzz from the server side while also having a udp connection
    udp socket opened*
    nurajbihari
    @nurajbihari
    # Author: Uday Mittal
    # Company: Yaksas CSC
    # Contact: csc@yaksas.in | twitter.com/yaksas443
    import logging
    import socket
    import textwrap
    from boofuzz import *


    def define_requests():
        # Request definitions are registered once, up front: s_initialize() rejects a name that already exists,
        # so calling it inside the receive loop would fail on the second request.
        s_initialize("info")
        s_static("\xFF\xFF\xFF\xFF")                     # Pre (4 bytes)
        s_static("\x49")                                 # Header (1 byte)
        s_static("\x02")                                 # Protocol version (1 byte)
        s_string("Avins-Server")                         # Server name (string)
        s_static("de_dust2" + "\x00")                    # Map name (string)
        s_static("csgo" + "\x00")                        # Name of the folder containing the game files (string)
        s_static("Counter-Strike: Global Offensive")     # Game name (string)
        s_static("\xda\x02")                             # Game ID (short)
        s_static("\xFF")                                 # Amount of players in the server (byte)
        s_static("\xFF")                                 # Max players allowed (byte)
        s_static("\x00")                                 # Bots in game (byte)
        s_static("d")                                    # Server type, d = dedicated (byte)
        s_static("l")                                    # Hosted on Windows, Linux or Mac, l is Linux (byte)
        s_static("\x00")                                 # Password needed? (byte)
        s_static("\x01")                                 # VAC enabled? (byte)
        s_static("1.3.6.7.1\x00")                        # Version (string)

        s_initialize("player")
        s_static("\xFF\xFF\xFF\xFF")
        s_static("\x44")
        s_static("\x01")
        s_static("\x01")
        s_static("ASH")
        s_static("")
        s_static("")


    def main():
        define_requests()

        # A plain UDP socket plays the "server" side and waits for client queries;
        # boofuzz itself is only used to send the (fuzzed) replies.
        listen_ip = "0.0.0.0"
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        s.bind((listen_ip, 27015))

        while True:
            (data, addr) = s.recvfrom(128 * 1024)
            requestType = checkRequestType(data)
            if requestType == "INFO":
                # Reply to the querying client with fuzzed A2S_INFO responses
                session = Session(
                    target=Target(
                        connection=UDPSocketConnection("192.168.119.137", 27015)))
                session.connect(s_get("info"))
                session.fuzz()
            elif requestType == "PLAYER":
                # Reply to the querying client with fuzzed A2S_PLAYER responses
                session = Session(
                    target=Target(
                        connection=UDPSocketConnection("192.168.119.137", 27015)))
                session.connect(s_get("player"))
                session.fuzz()
            else:
                response = 'nope'
                s.sendto(response, addr)


    def checkRequestType(data):
        # Header byte (after the 4-byte 0xFFFFFFFF prefix) contains the type of request.
        # Python 2: data is a str, so a single index yields a one-character string.
        if len(data) < 5:
            print("Datagram too short")
            return "UNKNOWN"
        header = data[4]
        if header == "\x54":
            print("[*] Received A2S_INFO request")
            return "INFO"
        elif header == "\x55":
            print("[*] Received A2S_PLAYER request")
            return "PLAYER"
        else:
            print("Unknown request")
            return "UNKNOWN"


    if __name__ == "__main__":
        main()
    That's what I got so far
    nurajbihari
    @nurajbihari
    Also, my max payload is 65507. How would I tell boofuzz that it can only send up to that size so it doesn't crash?
    Joshua Pereyda
    @jtpereyda
    Oh right, bind and server don't make sense together
    wait, hmm