Comments (8)
So, it happens that I have some code lying around that has this done, more or less; but without the SessionOptions object. I'm still in the process of getting permission to open-source it, but it's 100% on me that it has been stale for this long.
However, my code depends on #638; and since I'm currently in the middle of moving houses I probably won't get around to finishing that anytime soon. So if someone could pick up there, I can maybe allocate some time in the near future to get the other code in a PR.
Just a word of warning though; the particular way I chose to split the Session class was heavily influenced by my research needs. It might need some more work before being ready to merge and as it currently stands, I'm unsure whether I can allocate the time necessary to do so. Originally, I planned to hire a student assistant to finish this PR and aid my research, but so far this hasn't come to fruition.
from boofuzz.
I'll also understand that this will probably create some merge conflicts with #624. At the moment though my goal is to move code, not to edit it, so these should be resolvable fairly easily.
from boofuzz.
On further consideration, it seems to me that many options will simply be unnecessary in the first place once the pipeline is dynamic and pluggable. Take for example this excerpt:
Lines 1396 to 1402 in 2e1d91a
These options can simply be set when creating the step instance for the pipeline, and thus don't need to be set in the session's constructor.
Obviously, boofuzz should make it easy to get some set of default pipelines with a subset of configuration options for common use cases (think `from boofuzz.pipelines import default_pipeline`).
from boofuzz.
> I'll also understand that this will probably create some merge conflicts with #624. At the moment though my goal is to move code, not to edit it, so these should be resolvable fairly easily.
Right now there's no foreseeable date on when I'll get approval to release my contributions to the public. Regardless, I agree that the merge conflict that may arise from this will be easy to resolve.
from boofuzz.
Is this ticket still open? I probably would like to contribute to it.
Metin
from boofuzz.
@mistressofjellyfish Thanks for the issue! My apologies as I've been way behind on open source work.
I like the overall idea. 100% agree on splitting out classes.
I would say that my bias is heavily toward backwards-compatibility for imports. It's easy to use aliases to preserve importable names, so it won't create a huge code overhead.
I'd lean the same way with regard to SessionOptions. Keep the kwargs and use them to create a SessionOptions within the Session constructor. You can use a helper method if it helps readability in Session. I actually think the Session constructor, though long, is relatively easily understood.
Re fuzzing loop -- I definitely agree there is room for improvement, though I'm not entirely sure how. The code used to be more procedural, and I refactored it to be a little less stateful. The logic is confusing, but a key attribute is that it enables multiple mutations on one message. That's a property I would want it to keep. For starters, just moving this logic outside Session might be a good step.
I'll check out the PR too.
from boofuzz.
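The backwards-compatible approach suggested in the comment above (keep the kwargs and build a SessionOptions inside the Session constructor), as an added sketch that is not part of the thread and not boofuzz's own code. `SessionOptions` is the name proposed in the issue; the field subset, the default values and the `options` parameter are assumptions made for illustration.

```python
from dataclasses import dataclass, fields, replace
from typing import Optional


@dataclass(frozen=True)
class SessionOptions:
    """Hypothetical options object; fields mirror a few Session kwargs.

    The defaults below are illustrative, not taken from the project.
    """
    sleep_time: float = 0.0
    restart_interval: int = 0
    crash_threshold_request: int = 12
    crash_threshold_element: int = 3
    receive_data_after_each_request: bool = True


_OPTION_NAMES = frozenset(f.name for f in fields(SessionOptions))


class Session:
    """Sketch only: accepts legacy keyword arguments and/or an options object."""

    def __init__(self, options: Optional[SessionOptions] = None, **kwargs):
        unknown = set(kwargs) - _OPTION_NAMES
        if unknown:
            # Fail loudly on typos, as an explicit signature would.
            raise TypeError(
                f"unexpected keyword argument(s): {sorted(unknown)}"
            )
        # Explicit kwargs override the supplied (or default) options.
        # replace() returns a new object, so a shared options instance
        # passed by the caller is never mutated.
        self.options = replace(options or SessionOptions(), **kwargs)
```

Existing callers that pass keyword arguments keep working unchanged, while new code can build one `SessionOptions` and reuse it across sessions.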
@MetinSAYGIN #638 has some minor changes requested that somebody could take over! Feel free to build on that PR and fix the minor issues.
from boofuzz.
@mistressofjellyfish thanks for the update -- if you get it approved, an in-progress PR is plenty welcome. Good luck!
from boofuzz.