OpenRCE / sulley

A pure-python fully automated and unattended fuzzing framework.


Sulley does not capture any bytes to pcap files

PolymathMonkey opened this issue · comments

Hi,

I have this specific problem happening on one of my lab environment machines.
First of all, I did the Sulley installation like the wiki page suggested, and network_monitor.py
and process_monitor.py also work fine. But when I come to the point where I want to do some test fuzzes to see if it works, Sulley claims something like "stopped PCAP thread, snagged 0 bytes of data". On the other hand, on the second test machine the scripts run perfectly, and the network traffic gets written to the pcap files. If this is not really an issue, please just close this ticket. Thanks in advance.

Kind regards,

Monkey

commented

Hey there,

Can you give me some more info on your setup, and some debug messages?

Thanks!

Hi there,

Of course I can provide more details. I tried to keep as close
to the wiki page for setting up on a Windows box. So this is what I
am actually trying to run (in random order):

For the setup I am running, it is just a WinXP SP3 Ger. in a virtual machine
running on KVM. The VM has got about 512 MB of RAM and the CPU has 3.3 GHz. For
the application I want to test, I used a vulnserver fuzzer I found on:

http://resources.infosecinstitute.com/fuzzing-vulnserver-with-sulley-part-3/

I hope this information helps to fix this issue. If I can give you any other
information, just tell me. I will try to provide it as soon as I can. Thanks in advance.

Kind regards,

PolymathMonkey

commented

Are you attempting to fuzz it locally (sulley and the vulnerable program on
the same computer)?


Yes to that, but I also tried to let the network_monitor run on the Linux host system. But with no success: when I run the nwmon on Linux it only does one capture and then stops iterating.

commented

Yeah, this is a known issue :( The Windows TCP stack won't let you
intercept traffic it's routing to a local interface (for some really dumb
reason).

I'd recommend either setting up 2 VMs and fuzzing one to the other, or
following some advice here ->
http://wiki.wireshark.org/CaptureSetup/Loopback

Moving forward I'm actually axing the pcap-to-get-your-payload model as
it's pretty silly, plus it doesn't work on things like SSL (even if you can
capture traffic), so this shouldn't be an issue.


Okay, thanks, I will try your suggestions and then I will give you some feedback :)

commented

Sweet! Let me know :)


@PolymathMonkey @Fitblip Have you solved the problem? Sulley failed to log cap files.

root@lab:~/sulley# uname -a
Linux lab 4.3.0-kali1-686-pae #1 SMP Debian 4.3.5-1kali1 (2016-02-11) i686 GNU/Linux
root@lab:~/sulley# python network_monitor.py -d 0 -f "port 21" -P audit
[10:07.06] Network Monitor PED-RPC server initialized:
[10:07.06]   device:    eth0
[10:07.06]   filter:    port 21
[10:07.06]   log path:  audit
[10:07.06]   log_level: 1
[10:07.06] Awaiting requests...
[10:07.19] initializing capture for test case #3
Warning: Kernel filter failed: Bad file descriptor
Exception in thread Thread-1:
Traceback (most recent call last):
  File "/usr/lib/python2.7/threading.py", line 801, in __bootstrap_inner
    self.run()
  File "/usr/lib/python2.7/threading.py", line 754, in run
    self.__target(*self.__args, **self.__kwargs)
  File "/root/sulley/sulley/pedrpc.py", line 299, in serve_forever
    ret = method_pointer(*args, **kwargs)
  File "network_monitor.py", line 178, in pre_send
    self.pcap.setfilter(self.filter)
PcapError: can't remove kernel filter: Bad file descriptor

#39 network_monitor broken in linux

@all3g check the link @Fitblip posted. It explains the problem pretty well. Basically, you have to do the sniffing from a virtual LAN or such, because sniffing from loopback in Windows was a pain in the ass.

commented

Yup, @PolymathMonkey is correct. Sniffing locally has always been an issue due to how the networking stacks work in each platform.

@all3g your issue seems like it might actually be a configuration issue with VMware though. Some cursory googling of your issue led me to this -> https://communities.bmc.com/message/606551

Thanks @PolymathMonkey @Fitblip. It works.

  • fuzz.py is on Kali Linux
  • network_monitor.py and process_monitor.py are on Windows xp3.
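
A post-run check for the symptom reported in this thread ("snagged 0 bytes of data"), added here as an example and not part of the thread or of Sulley's code: it parses the classic libpcap file format and lists the capture files that contain no packets. It assumes the monitor's log path (such as `audit` above) holds `.pcap` files; the function names are hypothetical and the sample captures are constructed.

```python
import glob
import os
import struct
import tempfile

# Magic numbers of the classic libpcap file format
# (microsecond and nanosecond timestamp variants).
PCAP_MAGICS = (0xA1B2C3D4, 0xA1B23C4D)

def pcap_stats(path):
    """Return (packet_count, captured_bytes) for a classic pcap file."""
    with open(path, "rb") as fh:
        header = fh.read(24)
        if len(header) < 24:
            raise ValueError("%s: truncated pcap global header" % path)
        # The magic number reveals the byte order the writer used.
        for endian in ("<", ">"):
            if struct.unpack(endian + "I", header[:4])[0] in PCAP_MAGICS:
                break
        else:
            raise ValueError("%s: not a classic pcap file" % path)
        packets = total = 0
        while True:
            record = fh.read(16)
            if len(record) < 16:
                break  # clean EOF or truncated trailing record header
            _sec, _frac, incl_len, _orig = struct.unpack(endian + "IIII", record)
            if len(fh.read(incl_len)) < incl_len:
                break  # packet body cut short; do not count it
            packets += 1
            total += incl_len
        return packets, total

def empty_captures(log_dir):
    """List the .pcap files in log_dir that hold no packets."""
    return sorted(p for p in glob.glob(os.path.join(log_dir, "*.pcap"))
                  if pcap_stats(p)[0] == 0)

def write_sample_pcap(path, payloads):
    """Write a constructed little-endian Ethernet pcap for the demo."""
    with open(path, "wb") as fh:
        fh.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
        for data in payloads:
            fh.write(struct.pack("<IIII", 0, 0, len(data), len(data)) + data)

if __name__ == "__main__":
    demo = tempfile.mkdtemp()
    write_sample_pcap(os.path.join(demo, "1.pcap"), [b"\x00" * 60])  # constructed frame
    write_sample_pcap(os.path.join(demo, "2.pcap"), [])  # header only, no packets
    print(empty_captures(demo))
```

Running `empty_captures` against the monitor's log directory after a short trial session shows whether the capture interface and filter actually see the fuzz traffic before a long unattended run is started.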
