Fuzzing with session ids
RobertLarsen opened this issue
Robert Larsen commented
I am trying to fuzz a server which hands out random session ids to clients when they connect.
This session id should be provided in many requests from the client. How do I do that?
When connecting the nodes I can put up a callback that catches the session id, but how do I specify that a block needs data that is not known until a few packets have been sent and received?
Robert Larsen commented
To answer my own question, I think I found something that will work:
import re

def token_reader(block):
    # Edge callback: pull the session id out of the last reply and store it
    # as the original value of the 'token' primitive before 'msg' is sent.
    def read_token(session, node, edge, sock):
        m = re.search('^TOKEN ([0-9]*)', session.last_recv)
        if m:
            block.names['token'].original_value = m.group(1)
    return read_token

s_initialize('msg')
s_static('MSG')
s_delim(' ')
s_string('0', name='token')  # placeholder, overwritten by read_token at run time
s_delim(' ')
s_string('Hello World')
s_static('\n')

# 'join' is the request whose reply carries the TOKEN line (defined elsewhere)
sess.connect(s_get('join'), s_get('msg'), token_reader(s_get('msg')))
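The same callback pattern as a self-contained model, added here as an example and not code from the thread or from the fuzzing framework: `Request`, `Session` and `Target` are constructed stand-ins for the framework's request, session and the server under test, `token_reader` is the callback from the answer above, and `fuzz_payload` is a hypothetical driver that also shows what happens when the callback is left out.

```python
import re
from types import SimpleNamespace

def field(name, value):
    # One primitive: a mutation set by the fuzzer wins over original_value
    return SimpleNamespace(name=name, original_value=value, mutation=None)
class Request:
    def __init__(self, fields):
        self.fields, self.names = fields, {f.name: f for f in fields if f.name}
    def render(self):
        return ''.join(f.mutation if f.mutation is not None else f.original_value
                       for f in self.fields)
class Target:  # constructed server stand-in: fresh id per JOIN, checked on MSG
    session_id = 1000
    def handle(self, data):
        if data == 'JOIN\n':
            self.session_id += 7  # deterministic stand-in for a random id
            return f'TOKEN {self.session_id}\n'
        m = re.match(r'^MSG ([0-9]*) ', data)
        return 'OK\n' if m and m.group(1) == str(self.session_id) else 'ERR bad session\n'
class Session:  # minimal fuzzer session: callback runs between recv and next send
    def __init__(self, target):
        self.target, self.last_recv = target, ''
    def connect(self, src, dst, callback=None):
        self.src, self.dst, self.callback = src, dst, callback
    def run_case(self):
        self.last_recv = self.target.handle(self.src.render())
        if self.callback:
            self.callback(self, None, None, None)  # (session, node, edge, sock)
        sent = self.dst.render()  # rendered only after the callback patched 'token'
        self.last_recv = self.target.handle(sent)
        return sent, self.last_recv
def token_reader(block):
    # The thread's callback: copy the id from the last reply into 'token'
    def read_token(session, node, edge, sock):
        m = re.search(r'^TOKEN ([0-9]*)', session.last_recv)
        if m:
            block.names['token'].original_value = m.group(1)
    return read_token
def fuzz_payload(mutations, use_callback=True):
    # Hypothetical driver: one case per mutation, returns (sent, reply) pairs
    msg = Request([field(None, 'MSG '), field('token', '0'), field(None, ' '),
                   field('payload', 'Hello World'), field(None, '\n')])
    sess = Session(Target())
    sess.connect(Request([field(None, 'JOIN\n')]), msg,
                 token_reader(msg) if use_callback else None)
    out = []
    for mut in mutations:
        msg.names['payload'].mutation = mut
        out.append(sess.run_case())
    return out
```

With the callback every case carries the id the server just issued; without it the stale placeholder `0` is sent and the server rejects the request, which is the failure the question describes.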