    Joshua Pereyda
    @jtpereyda
    yeah fuzzing a server and therefore acting like a client is the most typical use case... there is a server approach but I haven't used it recently
    the doc I linked above should talk about it a bit
    nurajbihari
    @nurajbihari
    Okay, thank you sir!
    Joshua Pereyda
    @jtpereyda
    but yeah you need to use the special server argument for the UdpSocketConnection class
    :thumbsup:
    Katharina Bogad
    @mistressofjellyfish
    IIRC there also was a testcase regarding this server approach, you might wanna look at those
    meh I was wrong
    should've written those
    nurajbihari
    @nurajbihari
    I wish there was! I'm gonna try and see how far I can get
    nurajbihari
    @nurajbihari
    Okay, I made some progress, but I'm getting a crash
    [2020-09-09 17:28:12,998] Test Step: Contact target monitors
    [2020-09-09 17:28:12,998] Test Step: Cleaning up connections from callbacks
    [2020-09-09 17:28:12,998] Check OK: No crash detected.
    [2020-09-09 17:28:12,998] Info: Closing target connection...
    [2020-09-09 17:28:12,998] Info: Connection closed.
    [2020-09-09 17:28:12,998] Test Case: 148: info.no-name.148
    [2020-09-09 17:28:13,014] Info: Type: String. Default value: 'Avins-Server'. Case 148 of 1441 overall.
    [2020-09-09 17:28:13,014] Info: Opening target connection (192.168.119.137:27015)...
    [2020-09-09 17:28:13,029] Info: Connection opened.
    [2020-09-09 17:28:13,029] Test Step: Monitor CallbackMonitor#107087304[pre=[],post=[],restart=[],post_start_target=[]].pre_send()
    [2020-09-09 17:28:13,029] Test Step: Fuzzing Node 'info'
    [2020-09-09 17:28:13,029] Info: Sending 65604 bytes...
    [2020-09-09 17:28:13,029] Error!!!! Unexpected exception! Traceback (most recent call last):
    File "c:\python27-x64\lib\site-packages\boofuzz\sessions.py", line 805, in _main_fuzz_loop
    self._fuzz_current_case(*fuzz_args)
    File "c:\python27-x64\lib\site-packages\boofuzz\sessions.py", line 1568, in _fuzz_current_case
    self.transmit_fuzz(target, self.fuzz_node, path[-1], callback_data=callback_data)
    File "c:\python27-x64\lib\site-packages\boofuzz\sessions.py", line 1251, in transmit_fuzz
    self.targets[0].send(data)
    File "c:\python27-x64\lib\site-packages\boofuzz\sessions.py", line 203, in send
    num_sent = self._target_connection.send(data=data)
    File "c:\python27-x64\lib\site-packages\boofuzz\connections\udp_socket_connection.py", line 125, in send
    num_sent = self._sock.sendto(data, (self.host, self.port))
    error: [Errno 10040] A message sent on a datagram socket was larger than the internal message buffer or some other network limit, or the buffer used to receive a datagram into was smaller than the datagram itself
    Katharina Bogad
    @mistressofjellyfish
    yeah your UDP packet has a maximum size and 65604 bytes is probably larger
    it'd be interesting why this happens as packets should get truncated to fit
    do you by any chance know what your connection reports as max_payload()?
    Maximilian Lindner
    @SR4ven
    I think the UDP length bug was fixed some time ago in #444
    But there was no release to pypi since
    Joshua Pereyda
    @jtpereyda
    ah then @nurajbihari you'll want to install from source
    nurajbihari
    @nurajbihari
    Looking at it thanks
    I'm actually still having issues with setting up a udp connection.
    The documentation says that I can't have a bind and also server enabled for udp connection / server side fuzzing
    how am I to fuzz from the server side while also having a udp connection
    udp socket opened*
    nurajbihari
    @nurajbihari
    # Author: Uday Mittal
    # Company: Yaksas CSC
    # Contact: csc@yaksas.in | twitter.com/yaksas443
    import logging
    import socket
    import textwrap
    from boofuzz import *


    def main():
        # Plain UDP socket listening on the game server port so the client's
        # A2S queries reach us (Python 2: str literals are byte strings)
        listen_ip = "0.0.0.0"
        listen_port = 27015
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.bind((listen_ip, listen_port))

        # recvfrom() returns (data, addr); recv() returns only the data
        (data, addr) = s.recvfrom(128 * 1024)
        requestType = checkRequestType(data)
        if requestType == "INFO":
            # Fuzzed A2S_INFO reply sent to the querying client
            session = Session(
                target=Target(
                    connection=UDPSocketConnection("192.168.119.137", 27015)))
            s_initialize("info")
            s_static("\xFF\xFF\xFF\xFF")                   # Pre (4 bytes)
            s_static("\x49")                               # Header (1 byte)
            s_static("\x02")                               # Protocol version (1 byte)
            s_string("Avins-Server")                       # Server name (string)
            s_static("de_dust2" + "\x00")                  # Map name (string)
            s_static("csgo" + "\x00")                      # Name of the folder containing the game files (string)
            s_static("Counter-Strike: Global Offensive")   # Game name (string)
            s_static("\xda\x02")                           # Game ID (short)
            s_static("\xFF")                               # Amount of players in the server (byte)
            s_static("\xFF")                               # Max players allowed (byte)
            s_static("\x00")                               # Bots in game (byte)
            s_static("d")                                  # Server type, d = dedicated (byte)
            s_static("l")                                  # Hosted on Windows, Linux or Mac, l = Linux (byte)
            s_static("\x00")                               # Password needed? (byte)
            s_static("\x01")                               # VAC enabled? (byte)
            s_static("1.3.6.7.1\x00")
            session.connect(s_get("info"))
            session.fuzz()

        elif requestType == "PLAYER":
            # Fuzzed A2S_PLAYER reply
            session = Session(
                target=Target(
                    connection=UDPSocketConnection("192.168.119.137", 27015)))
            s_initialize("player")
            s_static("\xFF\xFF\xFF\xFF")                   # Pre (4 bytes)
            s_static("\x44")                               # Header (1 byte)
            s_static("\x01")
            s_static("\x01")
            s_static("ASH")
            s_static("")
            s_static("")
            session.connect(s_get("player"))
            session.fuzz()
        else:
            # Unknown query: answer the client directly on the plain socket
            s.sendto("nope", addr)


    def checkRequestType(data):
        # Header byte (after the 4-byte 0xFFFFFFFF prefix) contains the type of request
        header = data[4]
        if header == "\x54":
            print("[*] Received A2S_INFO request")
            return "INFO"
        elif header == "\x55":
            print("[*] Received A2S_PLAYER request")
            return "PLAYER"
        else:
            print("Unknown request")
            return "UNKNOWN"


    if __name__ == "__main__":
        main()
    That's what I got so far
    nurajbihari
    @nurajbihari
    Also, my max payload is 65507. How would I tell boofuzz that it can only send up to that size so it doesn't crash?
    Joshua Pereyda
    @jtpereyda
    Oh right, bind and server don't make sense together
    wait, hmm
    Joshua Pereyda
    @jtpereyda

    The documentation says that I can't have a bind and also server enabled for udp connection / server side fuzzing

    can you quote this bit? can't find it on the page

    and, you have something sending packets to it right?
    but looking at the code, that seems to be right -- this could probably be fixed
    but yeah in the meantime you provide host, port, and server arguments
    from the implementation
            if self.server:
                self._sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
                self._sock.bind((self.host, self.port))
    host, port, and server should do it -- as you can see it will bind anyway. Has anybody run a UDP fuzzer-as-server before?
    nurajbihari
    @nurajbihari

    and, you have something sending packets to it right?

    Yes, there's a client constantly sending requests

    The documentation says that I can't have a bind and also server enabled for udp connection / server side fuzzing

    can you quote this bit? can't find it on the page

        if self.bind and self.server:
            raise Exception("You cannot set both bind and server at the same time.")
    nurajbihari
    @nurajbihari
    Do you guys have any idea why I would get this error?
    TypeError: recv() missing 1 required positional argument: 'max_bytes'
    import logging
    import socket
    import textwrap
    from boofuzz import *
    
    def udp_server():
        host = "0.0.0.0"
        port = 27015
        session = Session(
            target=Target(
                connection=UDPSocketConnection(host, port, server=True, bind=False)))
    
        maxData = 128*1024
        (data, addr) = UDPSocketConnection.recv(maxData)
    sorry, I have been pulling my hair out on this one and I really just wanna make it work lol
    Katharina Bogad
    @mistressofjellyfish
    well... what are you trying to do?
    you can't call the recv method on the class directly, you need an instance first, and even this wouldn't make much sense
    better grab the target from the session and use its recv method
    Joshua Pereyda
    @jtpereyda
    https://github.blog/2020-09-17-github-cli-1-0-is-now-available/ would be cool to automate the release procedures
    would be nice to release on every merge and drop the manual build up of features followed by a release
    Maximilian Lindner
    @SR4ven
    Sounds good @jtpereyda. I'll take a look at this when I find some time
    How would we handle the version numbering? We could have something like 0.2.1.dev1, which would be PEP 440 conformant
    Maximilian Lindner
    @SR4ven
    But then, how would we trigger a stable release like 0.2.1? And how do we tell the CI if it's a major, minor or patch level release?
    Maximilian Lindner
    @SR4ven
    Also, do we really want each commit to appear as a release on GitHub? What if we just agree on a fixed release cycle? Say we release at least once a month so the pypi version is always somewhat up to date