jtpereyda / boofuzz

A fork and successor of the Sulley Fuzzing Framework

How could I specify data must be included

keet3r opened this issue · comments

I want the mutated data to always include some specific characters, wherever they are.
e.g. I want to generate a mutated data block of length 65535 that includes ":/". I have tried s_bytes(b":/", fuzzable=True, max_len=65535), but it's useless; only a few results include ":/".
How could I set a rule to get it?

commented

If there is no limitation on the position of ':/', maybe you can do it like this:

    s_bytes('a', fuzzable=True, max_len=65533)
    s_static(':/')
    s_bytes('b', fuzzable=True, max_len=65533)

> If there is no limitation on the position of ':/', maybe you can do it like this:
>
>     s_bytes('a', fuzzable=True, max_len=65533)
>     s_static(':/')
>     s_bytes('b', fuzzable=True, max_len=65533)

Won’t this cause the length of this block to exceed 65535?
I want to limit it to this range, but if I do it like this:

    s_bytes('a', fuzzable=True, max_len=x)
    s_static(':/')
    s_bytes('b', fuzzable=True, max_len=y)  # x+y=65533

The generated data may not fully meet the needs.

commented

> If there is no limitation on the position of ':/', maybe you can do it like this:
>
>     s_bytes('a', fuzzable=True, max_len=65533)
>     s_static(':/')
>     s_bytes('b', fuzzable=True, max_len=65533)
>
> Won’t this cause the length of this block to exceed 65535?

If I understood it correctly (maybe it has evolved?), boofuzz will only mutate one primitive at a time. That is, the first s_bytes('a') and the second s_bytes('b') won't be mutated simultaneously. Maybe you can do a simple test.

> I want to limit it to this range, but if I do it like this:
>
>     s_bytes('a', fuzzable=True, max_len=x)
>     s_static(':/')
>     s_bytes('b', fuzzable=True, max_len=y)  # x+y=65533
>
> The generated data may not fully meet the needs.

Apart from the length, what else violates the needs?

> If there is no limitation on the position of ':/', maybe you can do it like this:
>
>     s_bytes('a', fuzzable=True, max_len=65533)
>     s_static(':/')
>     s_bytes('b', fuzzable=True, max_len=65533)
>
> Won’t this cause the length of this block to exceed 65535?
>
> If I understood it correctly (maybe it has evolved?), boofuzz will only mutate one primitive at a time. That is, the first s_bytes('a') and the second s_bytes('b') won't be mutated simultaneously. Maybe you can do a simple test.
>
> I want to limit it to this range, but if I do it like this:
>
>     s_bytes('a', fuzzable=True, max_len=x)
>     s_static(':/')
>     s_bytes('b', fuzzable=True, max_len=y)  # x+y=65533
>
> The generated data may not fully meet the needs.
>
> Apart from the length, what else violates the needs?

Sorry, it's my fault. I copied it from your code and didn't check it carefully.
What I want is a block that must include the string ":/" and have a length of no more than 65535.
In the code below:

    s_bytes('', fuzzable=True, max_len=10000)
    s_static(':/')
    s_bytes('', fuzzable=True, max_len=55533)

It wouldn't generate data like "A"*65533+":/" even though its length conforms to the limit.

commented

I did a simple test, and a few things need to be updated. (Hope I haven't misunderstood you.)

PS: I used s_string() instead of s_bytes(), for I'm too lazy to update my locally installed boofuzz. But I guess s_bytes() is similar to s_string().

    s_initialize("hello")
    s_string("1", max_len=65530)
    s_static(":/")
    s_string("a", max_len=65530)

    session.connect(s_get("hello"))

    session.fuzz()

The length in the proposed method may break the length limitation. Here is a snapshot of my simple test. If there are two mutated primitives, then when the second primitive is mutated, the value of the first one will iterate through the fuzz_library, which may break the limitation.

[screenshot: test]

So maybe you can try this, if there is no limitation on the position of ':/'.

    s_bytes("1", max_len=65534)
    s_static(":/")

> What I want is a block that must include the string ":/" and have a length of no more than 65535.
> In the code below:
>
>     s_bytes('', fuzzable=True, max_len=10000)
>     s_static(':/')
>     s_bytes('', fuzzable=True, max_len=55533)
>
> It wouldn't generate data like "A"*65533+":/" even though its length conforms to the limit.

Do you need data like "A"*65533+":/"? The max_len parameter is used to limit the total length of the data, not to instruct it. There are some built-in strategies to generate long data.

    def mutations(self, default_value):
        """
        Mutate the primitive by stepping through the fuzz library extended with the "this" library, return False on
        completion.

        Args:
            default_value (str): Default value of element.

        Yields:
            str: Mutations
        """
        last_val = None
        for val in itertools.chain(
            self._fuzz_library,
            self._yield_variable_mutations(default_value),
            self._yield_long_strings(self.long_string_seeds),
        ):
            current_val = self._adjust_mutation_for_size(val)
            if last_val == current_val:
                continue
            last_val = current_val
            yield current_val
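An added model (not boofuzz code and not from this thread) of the one-primitive-at-a-time mutation and the max_len clamp discussed above, used to check the three layouts from the thread against the two constraints (the ":/" marker is present, total length at most 65535). It assumes the one-at-a-time behaviour holds, uses a constructed stand-in fuzz library, and budgets the one-sided primitive's max_len at 65533 so the two static marker bytes still fit under the limit.

```python
# Constructed model of boofuzz-style one-primitive-at-a-time mutation (added
# example, not boofuzz code). It applies the max_len clamp of
# _adjust_mutation_for_size and checks the thread's layouts against the two
# constraints: the ':/' marker is present and the total length is <= 65535.

LIMIT = 65535
MARKER = b":/"
# Constructed stand-in for the fuzz library plus long-string seeds.
FUZZ_LIBRARY = [b"", b"/.:/", b"%n%n%n%n", b"A" * 1024, b"A" * 65535, b"\x00" * 70000]

def adjust_for_size(value, max_len):
    """Mirror of the max_len clamp: truncate values longer than max_len."""
    if max_len is not None and len(value) > max_len:
        return value[:max_len]
    return value

def mutate_request(layout):
    """layout: list of (default_bytes, max_len); max_len None means static.
    Yields the default request, then each request obtained by mutating exactly
    one fuzzable primitive while the others keep their defaults."""
    defaults = [default for default, _ in layout]
    yield b"".join(defaults)
    for idx, (_, max_len) in enumerate(layout):
        if max_len is None:
            continue
        for candidate in FUZZ_LIBRARY:
            fields = list(defaults)
            fields[idx] = adjust_for_size(candidate, max_len)
            yield b"".join(fields)

def violations(layout):
    """Return (requests missing the marker, requests longer than LIMIT)."""
    missing = oversize = 0
    for msg in mutate_request(layout):
        missing += MARKER not in msg
        oversize += len(msg) > LIMIT
    return missing, oversize

# The issue's first attempt: the marker is only a default and gets replaced.
SINGLE = [(MARKER, LIMIT)]
# Two fuzzable primitives around the static marker: the untouched side's
# default byte pushes a full-length mutation one byte over the limit.
TWO_SIDED = [(b"a", 65533), (MARKER, None), (b"b", 65533)]
# One fuzzable primitive plus the static marker, budgeted for the marker bytes.
ONE_SIDED = [(b"1", LIMIT - len(MARKER)), (MARKER, None)]

if __name__ == "__main__":
    for name, layout in [("single", SINGLE), ("two-sided", TWO_SIDED), ("one-sided", ONE_SIDED)]:
        print(name, "(missing, oversize):", violations(layout))
```

Against this model the single-primitive layout drops the marker in most mutations, the two-sided layout exceeds the limit whenever a full-length value is placed beside the other side's default byte, and the budgeted one-sided layout satisfies both constraints.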