Comments (5)
Hi @cuilu414,
did you set receive_data_after_fuzz
in your Session?
It will trigger a receive after sending a fuzzed message and save it to session.last_recv
, which you can then access in the callback.
Check https://boofuzz.readthedocs.io/en/stable/source/Session.html for a brief description of the available parameters.
from boofuzz.
@cuilu414 As to your case, I think this is the expected behaviour. The callback
function is used to modify data in node to be sent with extra support, not to receive response from socket.
According to the following code, the callkack
function will be called before self.transmit_fuzz()
, which is used to send mutated data. If you try to call target.recv(1024)
in callback
, since the boofuzz hasn't send data to your target, you will get no response of course.
Lines 1766 to 1781 in 69061ef
As @SR4ven suggested above, the right way to receive response from socket is to set extra parameters in your Session, like receive_data_after_fuzz=True
. Then you can access the last reponse in your custom callback via session.last_recv
.
Lines 1204 to 1228 in 69061ef
If receive_data_after_fuzz
is False
, and reuse_target_connection
is False
. After calling socket.send()
, it will close the socket by calling close()
. That's why you see "The boofuzz sent tcp-fin before receiving response".
Hope it helps.
from boofuzz.
Hi @cuilu414, did you set
receive_data_after_fuzz
in your Session? It will trigger a receive after sending a fuzzed message and save it tosession.last_recv
, which you can then access in the callback.Check https://boofuzz.readthedocs.io/en/stable/source/Session.html for a brief description of the available parameters.
Thanks,receive_data_after_fuzz is work !!!
from boofuzz.
@cuilu414 As to your case, I think this is the expected behaviour. The
callback
function is used to modify data in node to be sent with extra support, not to receive response from socket.According to the following code, the
callkack
function will be called beforeself.transmit_fuzz()
, which is used to send mutated data. If you try to calltarget.recv(1024)
incallback
, since the boofuzz hasn't send data to your target, you will get no response of course.Lines 1766 to 1781 in 69061ef
As @SR4ven suggested above, the right way to receive response from socket is to set extra parameters in your Session, like
receive_data_after_fuzz=True
. Then you can access the last reponse in your custom callback viasession.last_recv
.Lines 1204 to 1228 in 69061ef
If
receive_data_after_fuzz
isFalse
, andreuse_target_connection
isFalse
. After callingsocket.send()
, it will close the socket by callingclose()
. That's why you see "The boofuzz sent tcp-fin before receiving response".Hope it helps.
Thanks,receive_data_after_fuzz is work !!!
from boofuzz.
Set receive_data_after_fuzz is true,and use session.last_recv can capture response .
from boofuzz.
Related Issues (20)
- Logs to a txt or csv file missed some line for the last Test case HOT 3
- Problem with web interface (port: 26000) HOT 8
- Mirror primitive always returns the default value of the target primitive HOT 2
- How to use s_from_file()?It will cause some errors HOT 2
- How can I run boofuzz with 0.0.0.0 host IP HOT 2
- `Session.fuzz()` options to minimize redundant testcases HOT 3
- No boo utility HOT 2
- boofuzz/sessions.py is too long and complicated, let's fix that. HOT 8
- Session.fuzz_by_name is deprecated in favor of Session.fuzz(name=name). HOT 1
- "Aligned" definition function's implementation is incorrect,modify the encode method HOT 3
- Replace deprecated PyDbg library with a Python 3-based debugger
- http with multi-connect :session.connect(s.get"xxx") HOT 11
- Block "dep_value" Request is type bytes HOT 1
- usage for s_bits() HOT 4
- Test failure HOT 3
- ChildProcessError: [Errno 10] No child processes and module 'os' has no attribute 'WCOREDUMP' HOT 4
- Potential bug fix in session.py
- Group primitive: Value of default_value cannot be used in fuzzing HOT 1
- AttributeError: 'bytes' object has no attribute 'encode'. Did you mean: 'decode'?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from boofuzz.