OpenRCE / sulley

A pure-python fully automated and unattended fuzzing framework.

Modifying target's port # in the current session!

moein86 opened this issue · comments

commented

Hi,

I am relatively new to Sulley, and sorry in advance for asking premature questions.

I am trying to write a fuzzer for a TFTP Server and I would like to go deep within the protocol. For example, below you may see my requests in order:

s.connect(s_get("wr_pkt")) # Fuzz the write request packet.

s.connect(s_get("rd_pkt")) # Fuzz the read request packet.

s.connect(s_get("data_pkt")) # Fuzz the data packet.

s.connect(s_get("ack_pkt")) # Fuzz the Ack packet.

s.connect(s_get("err_pkt")) # Fuzz the Error packet.

s.connect(s_get("wr_pkt"), s_get("data_pkt"), callback=Get_Block_no) # Get the Ack packets from the server, which contain the block number, so that you can fuzz data packets consecutively.

s.connect(s_get("rd_pkt"), s_get("ack_pkt"), callback=Get_Block_no) # Server responds back with the data, and you fuzz the ack packets consecutively.

s.connect(s_get("rd_pkt"), s_get("err_pkt")) # Server responds back with the data, and you fuzz the err packets consecutively.

So, when I send a request to the server on port 69, it responds back from a random port and establishes the connection on the new port. So my problem is that when the port number changes, I need to redirect my requests to the new port so that I can continue fuzzing deep into the protocol.

Is there any way to retrieve the new port from the socket and modify the target's port number in the current session?!

Your help would be so much appreciated!

Thanks.

commented

Hrm, I don't know of a good way to do that off the top of my head.

What you COULD do is hook the low level socket functions on the client you're attempting to fuzz and always have it connect back on the same port.

Hi,
I think you can change the port dynamically in the callback function, by setting sess.target[0].port=new_port, where sess is the session given as an argument of the callback function.
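
An added example, not part of the thread and not Sulley's own code: how the server's new port (and the ACK block number) can be read from the socket, as the question asks. The loopback stub server and the names `build_wrq`, `parse_ack`, `stub_server` and `negotiate` are constructed for illustration, and the listener binds an ephemeral port in place of 69 so it runs without privileges.

```python
import socket
import struct
import threading

OP_WRQ, OP_ACK = 2, 4  # TFTP opcodes from RFC 1350


def build_wrq(filename, mode="octet"):
    """WRQ: 2-byte opcode, then NUL-terminated filename and mode."""
    return struct.pack("!H", OP_WRQ) + filename.encode() + b"\0" + mode.encode() + b"\0"


def parse_ack(packet):
    """Return the block number of an ACK, or None if it is not a well-formed ACK."""
    if len(packet) != 4:
        return None
    opcode, block = struct.unpack("!HH", packet)
    return block if opcode == OP_ACK else None


def stub_server(listener):
    """Constructed stand-in for a TFTP server: answer one request from a fresh port."""
    _, client = listener.recvfrom(516)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as transfer:
        transfer.bind(("127.0.0.1", 0))  # ephemeral port = server-side transfer ID
        transfer.sendto(struct.pack("!HH", OP_ACK, 0), client)


def negotiate(timeout=2.0):
    """Send a WRQ to the stub; return (well_known_port, transfer_port, ack_block)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as listener, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as client:
        listener.bind(("127.0.0.1", 0))  # stands in for UDP/69
        listener.settimeout(timeout)
        well_known = listener.getsockname()[1]
        worker = threading.Thread(target=stub_server, args=(listener,))
        worker.start()
        client.settimeout(timeout)
        client.sendto(build_wrq("test.bin"), ("127.0.0.1", well_known))
        # recvfrom() returns the sender's address; its port is where DATA must go next.
        packet, (_, transfer_port) = client.recvfrom(516)
        worker.join()
        return well_known, transfer_port, parse_ack(packet)


if __name__ == "__main__":
    print(negotiate())
```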