darkkey / erlamsa
Erlang port of famous radamsa fuzzer.
License: MIT License
I tried to run the UDP proxy and ended up with an error. Am I doing something wrong or is there a bug?
$ ./erlamsa -P 0.5,0.5 -i udp://8001:localhost:8000
=ERROR REPORT==== 8-Sep-2018::16:36:02.407203 ===
Error in process <0.76.0> with exit value:
{badarg,[{io_lib,format,
["udp proxy worker process started, socket id ~p, bind to ~s:~d",
[#Port<0.6>]],
[{file,"io_lib.erl"},{line,183}]},
{erlamsa_logger,'-build_logger/1-fun-1-',5,
[{file,"src/erlamsa_logger.erl"},{line,174}]},
{erlamsa_logger,logger,1,
[{file,"src/erlamsa_logger.erl"},{line,210}]}]}
=ERROR REPORT==== 8-Sep-2018::16:36:02.407913 ===
Error in process <0.79.0> with exit value:
{{badmatch,[{"udp",8001,44443,{127,0,0,1},8000}]},
[{erlamsa_fuzzproxy,loop_udp,7,
[{file,"src/erlamsa_fuzzproxy.erl"},{line,149}]}]}
Hi @dukebarman
Would it be possible to have a tutorial showing how to use erlamsa in the real world?
I'd like to test my web server + some libraries at work.
Thanks
Hello again! Did some bidirectional UDP fuzzing and got this crash. I have no idea how to debug erlang...
Command line used: $ ./erlamsa -i udp://<port>:<hostname>:<port> -B 10 -L - -P 0.05,0.05
Using latest master.
2018-09-11 03:48:06.320 <<0.80.0>>: starting fuzzer main (parent = <0.79.0>), random seed is: {52493,47369,54400}
=ERROR REPORT==== 11-Sep-2018::03:48:06.330279 ===
Error in process <0.80.0> with exit value:
{function_clause,
[{erlamsa_sgml,tz,
[{uqval,
[226,99,8,228,124,127,4,173,181,90,110,146,24,37,215,17,227,234,
250,172,16,119,91,90,194,140],
{[77,161,190,212,114,59,15,107,91,245,243,113,152,238,203,225,1,
202,190,47,101,137,66,35,170,45,182,33,163,122,170,240,164,
157,3,84,245,53,177,247,215,58,177,172,250,5,0,133,185,245,31,
36,80,146,193,111,167,82,189,212,49,84,78,252,154,159,169,157,
98,223,254,149,155,17,28,132,49,119,135,139,160,78,182,212,
233,155,236,224,125,250,121,218,132,170,87,39,246,98,152,105,
92,128,231,224,115,30,222,28,213,129,248],
"`�)",[]}},
<<>>],
[{file,"src/erlamsa_sgml.erl"},{line,100}]},
{erlamsa_sgml,tokenize,1,[{file,"src/erlamsa_sgml.erl"},{line,70}]},
{erlamsa_sgml,parse,1,[{file,"src/erlamsa_sgml.erl"},{line,185}]},
{erlamsa_sgml,sgml_mutate,2,[{file,"src/erlamsa_sgml.erl"},{line,622}]},
{erlamsa_mutations,mux_fuzzers_loop,4,
[{file,"src/erlamsa_mutations.erl"},{line,1008}]},
{erlamsa_patterns,pat_burst_cont,4,
[{file,"src/erlamsa_patterns.erl"},{line,208}]},
{erlamsa_patterns,mutate_once_skipper,4,
[{file,"src/erlamsa_patterns.erl"},{line,124}]},
{erlamsa_main,fuzzer_loop,11,
[{file,"src/erlamsa_main.erl"},{line,164}]}]}
Hi, after the latest update I have an erlamsa HTTP server problem:
$ ./erlamsa -H 127.0.0.1:17772
=ERROR REPORT==== 2-Nov-2018::14:28:59.411985 ===
Error in process <0.89.0> with exit value:
{undef,[{'',mutations,[],[]},
{erlamsa_main,fuzzer,1,[{file,"src/erlamsa_main.erl"},{line,107}]},
{erlamsa_fsupervisor,launch_fuzzing_process,2,
[{file,"src/erlamsa_fsupervisor.erl"},
{line,49}]}]}
Default python code:
import httplib
erlamsa_url = '127.0.0.1:17772'
original_string = "Hello erlamsa!"
httpconn = httplib.HTTPConnection(erlamsa_url)
headers = {"content-type": "application/octet-stream"}
httpconn.request('POST', '/erlamsa/erlamsa_esi:fuzz', original_string, headers)
response = httpconn.getresponse()
fuzzed_string = response.read()
print(original_string + " erlamsed to " + fuzzed_string)
Btw great work!
Erlamsa very often hangs when being used in UDP proxy mode.
Setup: Ubuntu 18.04 x64 VM, 8GB, 4 cores
Steps to reproduce (ncat is needed to help with port forwarding):
Open 4 terminals, in which do:
erlamsa -i udp://55545:127.0.0.1:55546 -P 0.1,0.1 -L - -O -cm:port=51235
erlamsa -i udp://55546:127.0.0.1:55545 -P 0.1,0.1 -L - -O -cm:port=51236
to generate a larger amount of diverse traffic and make the problem appear faster.
while true; do ncat -u -l localhost 55546 --sh-exec "ncat -u localhost 55545"; done;
In my setup, it takes approx. a minute to reach the error.
top / htop or other activity monitor to validate that the system is operational
echo | ncat --send-only -u 127.0.0.1 55545
Using yes or similar commands might also work.
2019-06-24 16:21:42.778 <<0.67.0>> [info]: from udp client(c->s {127,0,0,1}:40267) [data_len = 1]: <<"\n">>
2019-06-24 16:21:42.778 <<0.181.0>> [info]: starting fuzzer main (parent = <0.67.0>), random seed is: {20456,41723,59679}
Stopped possibly bugged process: <0.181.0> (launched @ 1561393302, now is 1561393335)
It looks like when you use TCP to connect to erlamsa as a network service, you get one input back and then the connection closes. This seems like a pretty big performance hit due to the time it takes to set up a TCP connection.
Is there a way to have erlamsa listen on a websocket and then we can connect with a websocket and push/pull? Thinking the following:
The sending back of crash vs no crash would be duplicate if erlamsa was already monitoring the process, but in the event that it wasn't able to monitor (remote for instance), it could still keep track of what worked. Similarly, it might imply a crash if the client disconnects without sending a 'quit' message.
I've encountered the following issue when trying to compile:
$ escript rebar co
ERROR: Failed to load /home/dj/erlamsa/deps/procket/rebar.config: {error,
{81,file,
{error,
undef,
[{os,
getenv,
["TMPDIR",
"/tmp"],
[]},
{erl_eval,
do_apply,
6,
[{file,
"erl_eval.erl"},
{line,
569}]},
{erl_eval,
expr,5,
[{file,
"erl_eval.erl"},
{line,
364}]},
{erl_eval,
exprs,
5,
[{file,
"erl_eval.erl"},
{line,
118}]},
{file,
eval_stream2,
6,
[{file,
"file.erl"},
{line,
1368}]},
{file,
script,
2,
[{file,
"file.erl"},
{line,
1067}]},
{rebar_config,
new,2,
[{file,
"src/rebar_config.erl"},
{line,
238}]},
{rebar_core,
process_dir,
4,
[{file,
"src/rebar_core.erl"},
{line,
131}]}]}}}
$ echo $TMPDIR
/tmp
Any hint on how to further debug this will be greatly appreciated.
Just cloned the repo and got this error:
[20:23 edu@de11 erlamsa] > sudo apt-get install git gcc make erlang erlang-dev erlang-tools erlang-ssl erlang-eunit erlang-mnesia erlang-inets
[sudo] password for edu:
Reading package lists... Done
Building dependency tree
Reading state information... Done
erlang-dev is already the newest version (1:20.2.2+dfsg-1ubuntu2).
erlang-eunit is already the newest version (1:20.2.2+dfsg-1ubuntu2).
erlang-inets is already the newest version (1:20.2.2+dfsg-1ubuntu2).
erlang-mnesia is already the newest version (1:20.2.2+dfsg-1ubuntu2).
erlang-ssl is already the newest version (1:20.2.2+dfsg-1ubuntu2).
erlang-tools is already the newest version (1:20.2.2+dfsg-1ubuntu2).
make is already the newest version (4.1-9.1ubuntu1).
erlang is already the newest version (1:20.2.2+dfsg-1ubuntu2).
gcc is already the newest version (4:7.3.0-3ubuntu2.1).
git is already the newest version (1:2.17.1-1ubuntu0.4).
0 to upgrade, 0 to newly install, 0 to remove and 0 not to upgrade.
[20:24 edu@de11 erlamsa] > make
./rebar get-deps
==> procket (get-deps)
==> erlserial (get-deps)
==> erlamsa (get-deps)
./rebar compile
==> procket (compile)
make[1]: Entering directory '/home/edu/tools/fuzz/erlamsa/deps/procket/c_src'
make -f /home/edu/tools/fuzz/erlamsa/deps/procket/c_src/Makefile.ancillary
make[2]: Entering directory '/home/edu/tools/fuzz/erlamsa/deps/procket/c_src'
make[2]: Nothing to be done for 'all'.
make[2]: Leaving directory '/home/edu/tools/fuzz/erlamsa/deps/procket/c_src'
cc -m64 -DHAVE_SETNS -g -Wall -o /home/edu/tools/fuzz/erlamsa/deps/procket/priv/procket -L/home/edu/tools/fuzz/erlamsa/deps/procket/c_src procket_cmd.c -lancillary
cc /home/edu/tools/fuzz/erlamsa/deps/procket/c_src/procket.o -shared -L/home/edu/tools/fuzz/erlamsa/deps/procket/c_src -lancillary -L /usr/lib/erlang/lib/erl_interface-3.10.1/lib -lerl_interface -lei -o /home/edu/tools/fuzz/erlamsa/deps/procket/c_src/../priv/procket.so
make[1]: Leaving directory '/home/edu/tools/fuzz/erlamsa/deps/procket/c_src'
==> erlserial (compile)
make[1]: Entering directory '/home/edu/tools/fuzz/erlamsa/deps/erlserial'
erlc -o ebin src/slip.erl
make[1]: Leaving directory '/home/edu/tools/fuzz/erlamsa/deps/erlserial'
/usr/bin/ld: c_src/serial.o: relocation R_X86_64_PC32 against symbol `bitrate_table' can not be used when making a shared object; recompile with -fPIC
/usr/bin/ld: final link failed: Bad value
collect2: error: ld returned 1 exit status
ERROR: sh(cc c_src/serial.o -shared -L"/usr/lib/erlang/lib/erl_interface-3.10.1/lib" -lerl_interface -lei -o priv/erlserial_drv.so)
failed with return code 1 and the following output:
/usr/bin/ld: c_src/serial.o: relocation R_X86_64_PC32 against symbol `bitrate_table' can not be used when making a shared object; recompile with -fPIC
/usr/bin/ld: final link failed: Bad value
collect2: error: ld returned 1 exit status
ERROR: compile failed while processing /home/edu/tools/fuzz/erlamsa/deps/erlserial: rebar_abort
Makefile:7: recipe for target 'compile' failed
make: *** [compile] Error 1
Hi,
is there any reason why the Makefile doesn't have a make install? Perhaps it would be great to install compiled binaries in the path.
Best
Hi @dukebarman
I'm unable to compile the master branch on Mac:
$ git clone https://github.com/Darkkey/erlamsa.git
$ cd erlamsa
$ make
which rebar3 || test -f rebar3 || (mkdir -p _build && cd _build && git clone https://github.com/erlang/rebar3.git && cd rebar3 && ./bootstrap && cp ./rebar3 ../../rebar3 && cd ../..)
/usr/local/bin/rebar3
echo "-define(GITVER, \"; commit: `git log -1 --format=%cd --date=local` `git rev-parse HEAD`\")." > src/version.hrl
echo "-define(PREFIXDIR, \"/usr/local\")." >> src/version.hrl
mkdir -p priv
`which rebar3 || echo ./rebar3` get-deps
===> Verifying dependencies...
`which rebar3 || echo ./rebar3` compile
===> Verifying dependencies...
/Applications/Xcode.app/Contents/Developer/usr/bin/make -f /private/tmp/erlamsa/_build/default/lib/procket/c_src/Makefile.ancillary
make[2]: Nothing to be done for `all'.
cc -m64 -g -Wall -o /private/tmp/erlamsa/_build/default/lib/procket/priv/procket -L/private/tmp/erlamsa/_build/default/lib/procket/c_src procket_cmd.c -lancillary
ld: warning: ignoring file /private/tmp/erlamsa/_build/default/lib/procket/c_src/libancillary.a, building for macOS-x86_64 but attempting to link with file built for unknown-unsupported file format ( 0x21 0x3C 0x61 0x72 0x63 0x68 0x3E 0x0A 0x2F 0x20 0x20 0x20 0x20 0x20 0x20 0x20 )
Undefined symbols for architecture x86_64:
"_ancil_send_fd", referenced from:
_procket_pipe in procket_cmd-4b321f.o
ld: symbol(s) not found for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make[1]: *** [cmd] Error 1
===> Hook for compile failed!
make: *** [compile] Error 1
My config:
$ sw_vers
ProductName: macOS
ProductVersion: 13.0.1
BuildVersion: 22A400
$ erl -version
Erlang (SMP,ASYNC_THREADS) (BEAM) emulator version 12.2.
I have an additional question for you - What does your configuration during (for example wsdl/api/web apps testing) look like? How do you catch anomalies?
Originally posted by @ahpaleus in #6 (comment)