
erlamsa's People

Contributors

abolshev-fsecure, darkkey, dependabot[bot], dukebarman, enovella


erlamsa's Issues

Problem with the UDP proxy mode

I tried to run the UDP proxy and ended up with an error. Am I doing something wrong or is there a bug?

$ ./erlamsa -P 0.5,0.5 -i udp://8001:localhost:8000                   
=ERROR REPORT==== 8-Sep-2018::16:36:02.407203 ===
Error in process <0.76.0> with exit value:
{badarg,[{io_lib,format,
                 ["udp proxy worker process started, socket id ~p, bind to ~s:~d",
                  [#Port<0.6>]],
                 [{file,"io_lib.erl"},{line,183}]},
         {erlamsa_logger,'-build_logger/1-fun-1-',5,
                         [{file,"src/erlamsa_logger.erl"},{line,174}]},
         {erlamsa_logger,logger,1,
                         [{file,"src/erlamsa_logger.erl"},{line,210}]}]}

=ERROR REPORT==== 8-Sep-2018::16:36:02.407913 ===
Error in process <0.79.0> with exit value:
{{badmatch,[{"udp",8001,44443,{127,0,0,1},8000}]},
 [{erlamsa_fuzzproxy,loop_udp,7,
                     [{file,"src/erlamsa_fuzzproxy.erl"},{line,149}]}]}

Crash during UDP fuzzing

Hello again! Did some bidirectional UDP fuzzing and got this crash. I have no idea how to debug erlang...

Command line used: $ ./erlamsa -i udp://<port>:<hostname>:<port> -B 10 -L - -P 0.05,0.05

Using latest master.

2018-09-11 03:48:06.320 <<0.80.0>>: starting fuzzer main (parent = <0.79.0>), random seed is: {52493,47369,54400}
=ERROR REPORT==== 11-Sep-2018::03:48:06.330279 ===
Error in process <0.80.0> with exit value:
{function_clause,
    [{erlamsa_sgml,tz,
         [{uqval,
              [226,99,8,228,124,127,4,173,181,90,110,146,24,37,215,17,227,234,
               250,172,16,119,91,90,194,140],
              {[77,161,190,212,114,59,15,107,91,245,243,113,152,238,203,225,1,
                202,190,47,101,137,66,35,170,45,182,33,163,122,170,240,164,
                157,3,84,245,53,177,247,215,58,177,172,250,5,0,133,185,245,31,
                36,80,146,193,111,167,82,189,212,49,84,78,252,154,159,169,157,
                98,223,254,149,155,17,28,132,49,119,135,139,160,78,182,212,
                233,155,236,224,125,250,121,218,132,170,87,39,246,98,152,105,
                92,128,231,224,115,30,222,28,213,129,248],
               "`�)",[]}},
          <<>>],
         [{file,"src/erlamsa_sgml.erl"},{line,100}]},
     {erlamsa_sgml,tokenize,1,[{file,"src/erlamsa_sgml.erl"},{line,70}]},
     {erlamsa_sgml,parse,1,[{file,"src/erlamsa_sgml.erl"},{line,185}]},
     {erlamsa_sgml,sgml_mutate,2,[{file,"src/erlamsa_sgml.erl"},{line,622}]},
     {erlamsa_mutations,mux_fuzzers_loop,4,
         [{file,"src/erlamsa_mutations.erl"},{line,1008}]},
     {erlamsa_patterns,pat_burst_cont,4,
         [{file,"src/erlamsa_patterns.erl"},{line,208}]},
     {erlamsa_patterns,mutate_once_skipper,4,
         [{file,"src/erlamsa_patterns.erl"},{line,124}]},
     {erlamsa_main,fuzzer_loop,11,
         [{file,"src/erlamsa_main.erl"},{line,164}]}]}

HTTP Server doesn't work after update

Hi, after the latest update I have an erlamsa HTTP server problem:

$ ./erlamsa -H 127.0.0.1:17772
=ERROR REPORT==== 2-Nov-2018::14:28:59.411985 ===
Error in process <0.89.0> with exit value:
{undef,[{'',mutations,[],[]},
{erlamsa_main,fuzzer,1,[{file,"src/erlamsa_main.erl"},{line,107}]},
{erlamsa_fsupervisor,launch_fuzzing_process,2,
[{file,"src/erlamsa_fsupervisor.erl"},
{line,49}]}]}

Default python code:

import httplib
erlamsa_url = '127.0.0.1:17772' 
original_string = "Hello erlamsa!"
httpconn = httplib.HTTPConnection(erlamsa_url)
headers = {"content-type": "application/octet-stream"}
httpconn.request('POST', '/erlamsa/erlamsa_esi:fuzz', original_string, headers)
response = httpconn.getresponse()
fuzzed_string = response.read()
print(original_string + " erlamsed to " + fuzzed_string)

Btw great work!

UDP proxy hangs often

Erlamsa very often hangs when being used in UDP proxy mode.
Setup: Ubuntu 18.04 x64 VM, 8GB, 4 cores
Steps to reproduce (ncat is needed to help with port forwarding):
Open 4 terminals, in which do:

  1. Create an erlamsa proxy from port A to port B: erlamsa -i udp://55545:127.0.0.1:55546 -P 0.1,0.1 -L - -O -cm:port=51235
  2. create a loopback from port B to port A to get enough traffic
    1. I use another erlamsa erlamsa -i udp://55546:127.0.0.1:55545 -P 0.1,0.1 -L - -O -cm:port=51236 to generate a larger amount of diverse traffic and make the problem appear faster.
    2. Or, an ncat pipe should also suffice: while true; do ncat -u -l localhost 55546 --sh-exec "ncat -u localhost 55545"; done;. In my setup, it takes approx. a minute to reach the error.
  3. top / htop or other activity monitor to validate that the system is operational
  4. Inject some traffic into the feedback loop by doing echo | ncat --send-only -u 127.0.0.1 55545. Using yes or similar commands might also work.
    Repeat step 4 in this terminal until the error appears in one of the erlamsas:
2019-06-24 16:21:42.778 <<0.67.0>> [info]: from udp client(c->s {127,0,0,1}:40267) [data_len = 1]: <<"\n">>
2019-06-24 16:21:42.778 <<0.181.0>> [info]: starting fuzzer main (parent = <0.67.0>), random seed is: {20456,41723,59679}
Stopped possibly bugged process: <0.181.0> (launched @ 1561393302, now is 1561393335)

WebSocket for connection

It looks like when you use TCP to connect to erlamsa as a network service, you get one input back and then the connection closes. This seems like a pretty big performance hit due to the time it takes to set up a TCP connection.

Is there a way to have erlamsa listen on a websocket and then we can connect with a websocket and push/pull? Thinking the following:

  • Client (Frida in the demo) connects up to erlamsa server over websocket
  • Client sends specification for the type of data/mutation it wants
  • Server sends back a mutation
  • Client tests mutation
  • Client sends back some sort of crash or not crash message to server
  • Server sends next mutation
  • Repeat as needed

The sending back of crash vs no crash would be duplicate if erlamsa was already monitoring the process, but in the event that it wasn't able to monitor (remote for instance), it could still keep track of what worked. Similarly, it might imply a crash if the client disconnects without sending a 'quit' message.
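
The exchange proposed in the issue above, sketched from the server side as an added example (not erlamsa code and not part of the original issue). The JSON message names (`spec`, `result`, `quit`), the hex encoding and the bit-flip mutator are assumptions; no WebSocket library is used, so the state machine runs offline and any transport can feed it.

```python
import json
import random


class FuzzSession:
    """Server-side state for one client connection in the proposed exchange."""

    def __init__(self, rng_seed=0):
        self.rng = random.Random(rng_seed)  # seeded so a reported case can be replayed
        self.sample = b""      # set by the client's 'spec' message
        self.pending = None    # mutation sent, verdict not yet received
        self.crashes = []      # mutations reported or inferred as crashing
        self.clean_quit = False

    def _mutate(self):
        # Stand-in mutator (one bit flip); erlamsa's mutation engine is not modelled.
        data = bytearray(self.sample)
        data[self.rng.randrange(len(data))] ^= 1 << self.rng.randrange(8)
        return bytes(data)

    def _error(self, reason):
        return json.dumps({"type": "error", "reason": reason})

    def on_message(self, raw):
        """Handle one client message; return the reply to send, or None."""
        try:
            msg = json.loads(raw)
            kind = msg["type"]
            if kind == "spec":
                sample = bytes.fromhex(msg["sample_hex"])
        except (ValueError, KeyError, TypeError):
            return self._error("malformed message")
        if kind == "spec":
            if not sample:
                return self._error("empty sample")
            self.sample = sample
        elif kind == "result" and self.pending is not None:
            if msg.get("crashed"):
                self.crashes.append(self.pending)
        elif kind == "quit":
            self.clean_quit, self.pending = True, None
            return None
        else:
            return self._error("unexpected message")
        self.pending = self._mutate()
        return json.dumps({"type": "mutation", "data_hex": self.pending.hex()})

    def on_disconnect(self):
        """Connection closed: no 'quit' with a verdict outstanding implies a crash."""
        if not self.clean_quit and self.pending is not None:
            self.crashes.append(self.pending)
        self.pending = None
        return list(self.crashes)
```

A transport handler would call `on_message` for each received frame and `on_disconnect` when the socket closes; the returned list is what the server would persist for triage.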

Failure to compile on Debian-derived BackBox

I've encountered the following issue when trying to compile:

$ escript rebar co
ERROR: Failed to load /home/dj/erlamsa/deps/procket/rebar.config: {error,
                                                                   {81,file,
                                                                    {error,
                                                                     undef,
                                                                     [{os,
                                                                       getenv,
                                                                       ["TMPDIR",
                                                                        "/tmp"],
                                                                       []},
                                                                      {erl_eval,
                                                                       do_apply,
                                                                       6,
                                                                       [{file,
                                                                         "erl_eval.erl"},
                                                                        {line,
                                                                         569}]},
                                                                      {erl_eval,
                                                                       expr,5,
                                                                       [{file,
                                                                         "erl_eval.erl"},
                                                                        {line,
                                                                         364}]},
                                                                      {erl_eval,
                                                                       exprs,
                                                                       5,
                                                                       [{file,
                                                                         "erl_eval.erl"},
                                                                        {line,
                                                                         118}]},
                                                                      {file,
                                                                       eval_stream2,
                                                                       6,
                                                                       [{file,
                                                                         "file.erl"},
                                                                        {line,
                                                                         1368}]},
                                                                      {file,
                                                                       script,
                                                                       2,
                                                                       [{file,
                                                                         "file.erl"},
                                                                        {line,
                                                                         1067}]},
                                                                      {rebar_config,
                                                                       new,2,
                                                                       [{file,
                                                                         "src/rebar_config.erl"},
                                                                        {line,
                                                                         238}]},
                                                                      {rebar_core,
                                                                       process_dir,
                                                                       4,
                                                                       [{file,
                                                                         "src/rebar_core.erl"},
                                                                        {line,
                                                                         131}]}]}}}

$ echo $TMPDIR
/tmp

Any hint on how to further debug this will be greatly appreciated.

Compiling errors

Just cloned the repo and got this error:

[20:23 edu@de11 erlamsa] >  sudo apt-get install git gcc make erlang erlang-dev erlang-tools erlang-ssl erlang-eunit erlang-mnesia erlang-inets
[sudo] password for edu: 
Reading package lists... Done
Building dependency tree       
Reading state information... Done
erlang-dev is already the newest version (1:20.2.2+dfsg-1ubuntu2).
erlang-eunit is already the newest version (1:20.2.2+dfsg-1ubuntu2).
erlang-inets is already the newest version (1:20.2.2+dfsg-1ubuntu2).
erlang-mnesia is already the newest version (1:20.2.2+dfsg-1ubuntu2).
erlang-ssl is already the newest version (1:20.2.2+dfsg-1ubuntu2).
erlang-tools is already the newest version (1:20.2.2+dfsg-1ubuntu2).
make is already the newest version (4.1-9.1ubuntu1).
erlang is already the newest version (1:20.2.2+dfsg-1ubuntu2).
gcc is already the newest version (4:7.3.0-3ubuntu2.1).
git is already the newest version (1:2.17.1-1ubuntu0.4).
0 to upgrade, 0 to newly install, 0 to remove and 0 not to upgrade.
[20:24 edu@de11 erlamsa] >  make
./rebar get-deps
==> procket (get-deps)
==> erlserial (get-deps)
==> erlamsa (get-deps)
./rebar compile
==> procket (compile)
make[1]: Entering directory '/home/edu/tools/fuzz/erlamsa/deps/procket/c_src'
make -f /home/edu/tools/fuzz/erlamsa/deps/procket/c_src/Makefile.ancillary
make[2]: Entering directory '/home/edu/tools/fuzz/erlamsa/deps/procket/c_src'
make[2]: Nothing to be done for 'all'.
make[2]: Leaving directory '/home/edu/tools/fuzz/erlamsa/deps/procket/c_src'
cc -m64 -DHAVE_SETNS -g -Wall -o /home/edu/tools/fuzz/erlamsa/deps/procket/priv/procket -L/home/edu/tools/fuzz/erlamsa/deps/procket/c_src procket_cmd.c -lancillary
cc /home/edu/tools/fuzz/erlamsa/deps/procket/c_src/procket.o -shared -L/home/edu/tools/fuzz/erlamsa/deps/procket/c_src -lancillary -L /usr/lib/erlang/lib/erl_interface-3.10.1/lib -lerl_interface -lei -o /home/edu/tools/fuzz/erlamsa/deps/procket/c_src/../priv/procket.so
make[1]: Leaving directory '/home/edu/tools/fuzz/erlamsa/deps/procket/c_src'
==> erlserial (compile)
make[1]: Entering directory '/home/edu/tools/fuzz/erlamsa/deps/erlserial'
erlc -o ebin src/slip.erl
make[1]: Leaving directory '/home/edu/tools/fuzz/erlamsa/deps/erlserial'
/usr/bin/ld: c_src/serial.o: relocation R_X86_64_PC32 against symbol `bitrate_table' can not be used when making a shared object; recompile with -fPIC
/usr/bin/ld: final link failed: Bad value
collect2: error: ld returned 1 exit status
ERROR: sh(cc c_src/serial.o  -shared  -L"/usr/lib/erlang/lib/erl_interface-3.10.1/lib" -lerl_interface -lei -o priv/erlserial_drv.so)
failed with return code 1 and the following output:
/usr/bin/ld: c_src/serial.o: relocation R_X86_64_PC32 against symbol `bitrate_table' can not be used when making a shared object; recompile with -fPIC
/usr/bin/ld: final link failed: Bad value
collect2: error: ld returned 1 exit status

ERROR: compile failed while processing /home/edu/tools/fuzz/erlamsa/deps/erlserial: rebar_abort
Makefile:7: recipe for target 'compile' failed
make: *** [compile] Error 1

Create make install

Hi,

is there any reason why the Makefile doesn't have a make install? Perhaps it would be great to install compiled binaries in the path.

Best

Can't compile on Mac

Hi @dukebarman

I'm unable to compile the master branch on Mac:

$ git clone https://github.com/Darkkey/erlamsa.git
$ cd erlamsa
$ make                                                                                                                                                                                                                                       
which rebar3 || test -f rebar3 || (mkdir -p _build && cd _build && git clone https://github.com/erlang/rebar3.git && cd rebar3 && ./bootstrap && cp ./rebar3 ../../rebar3 && cd ../..)
/usr/local/bin/rebar3
echo "-define(GITVER, \"; commit: `git log -1 --format=%cd --date=local` `git rev-parse HEAD`\")." > src/version.hrl
echo "-define(PREFIXDIR, \"/usr/local\")." >> src/version.hrl
mkdir -p priv
`which rebar3 || echo ./rebar3` get-deps
===> Verifying dependencies...
`which rebar3 || echo ./rebar3` compile
===> Verifying dependencies...
/Applications/Xcode.app/Contents/Developer/usr/bin/make -f /private/tmp/erlamsa/_build/default/lib/procket/c_src/Makefile.ancillary
make[2]: Nothing to be done for `all'.
cc -m64  -g -Wall -o /private/tmp/erlamsa/_build/default/lib/procket/priv/procket -L/private/tmp/erlamsa/_build/default/lib/procket/c_src procket_cmd.c -lancillary
ld: warning: ignoring file /private/tmp/erlamsa/_build/default/lib/procket/c_src/libancillary.a, building for macOS-x86_64 but attempting to link with file built for unknown-unsupported file format ( 0x21 0x3C 0x61 0x72 0x63 0x68 0x3E 0x0A 0x2F 0x20 0x20 0x20 0x20 0x20 0x20 0x20 )
Undefined symbols for architecture x86_64:
  "_ancil_send_fd", referenced from:
      _procket_pipe in procket_cmd-4b321f.o
ld: symbol(s) not found for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make[1]: *** [cmd] Error 1
===> Hook for compile failed!

make: *** [compile] Error 1

My config:

$ sw_vers                                                                                                                                                                                                                                    
ProductName:		macOS
ProductVersion:		13.0.1
BuildVersion:		22A400

$  erl -version                                                                                                                                                                                                                               
Erlang (SMP,ASYNC_THREADS) (BEAM) emulator version 12.2.
