【问题标题】:Fuzz TCP packet using Peach Fuzzer使用 Peach Fuzzer 模糊 TCP 数据包
【发布时间】:2015-06-25 05:31:38
【问题描述】:

我有两个应用程序:Sender.exe 和 Receiver.exe。我需要对发送方与接收方之间传输的 TCP 数据包进行模糊测试(fuzzing)。

我是 Peach Fuzzer 的初学者。您能否给出一个示例(Peach Pit),说明如何对 TCP 数据包进行模糊测试?我在互联网上没有找到这样的示例。

【问题讨论】:

    标签: testing networking tcp fuzzing fuzz-testing


    【解决方案1】:

    给定的代码可能会对您有所帮助。此 xml PIT 代码将向 localhost 发送 GET 请求,请求标头为

    GET http://localhost HTTP/1.1
    Host: http://localhost
    Content-Length: {value depends on your body}
    
    {body}
    

    只需把这段 XML 保存到一个文件中,然后运行 ./peach -1 --debug pathtofile/file.xml(-1 表示只执行一次迭代,适合先确认 Pit 能被正常解析并发出请求;正式进行模糊测试时去掉 -1)。

    <?xml version="1.0" encoding="utf-8"?>
    <Peach xmlns="http://peachfuzzer.com/2012/Peach" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://peachfuzzer.com/2012/Peach /peach/peach.xsd">
    <!--
      Template for one header line: Header, the literal ": ", Value, then CRLF.
      Blocks in HttpRequest reference it with ref="Headermodel" and override
      the Header and Value strings by name.
      NOTE(review): none of the strings is marked mutable="false", so the
      separator and the line ending are presumably mutated too; confirm that
      this is intended.
    -->
    <DataModel name="Headermodel">
      <String name="Header"/>
      <String value=": "/>
      <String name="Value"/>
      <String value="\r\n"/>
    </DataModel>
    
    
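    <!--
      HTTP request layout: request line, Host header, Content-Length header,
      blank line, body. Concrete field values come from the Data sets
      (HttpGet here, HttpOptions further down).
    -->
    <DataModel name="HttpRequest">
        <!-- Request line, e.g. "GET http://localhost HTTP/1.1", terminated by CRLF -->
        <Block name="RequestLine">
            <String name="Method"/>
            <String value=" "/>
            <String name="RequestUri"/>
            <String value=" "/>
            <String name="HttpVersion"/>
            <String value="\r\n"/>
        </Block>

        <!-- Host header line built from Headermodel; only the header name is fixed here -->
        <Block name="HeaderHost" ref="Headermodel">
            <String name="Header" value="Host"/>
        </Block>

        <!-- Content-Length header line; the size relation ties Value to the length of httpBody.content -->
        <Block name="HeaderContentLength" ref="Headermodel">
            <String name="Header" value="Content-Length"/>
            <String name="Value">
                <Relation type="size" of="httpBody.content"/>
            </String>
        </Block>

        <!--
          Blank line that ends the header section. It lives in the model, outside
          httpBody, so the size relation counts body bytes only. With the separator
          carried inside the body value, the baseline request advertised two bytes
          more than the body actually contained.
        -->
        <String value="\r\n"/>

        <Block name="httpBody">
            <String name="content" value="length is 12"/>
        </Block>
    </DataModel>


    <!--
      Baseline GET request used as the starting point for mutation.
      NOTE(review): a Host header normally carries host[:port] without a scheme;
      "http://localhost" is kept as the author wrote it. A target that rejects the
      baseline early will see little of the mutated input, so confirm the
      unmutated request is accepted before a long run.
    -->
    <Data name="HttpGet">
        <Field name="RequestLine.Method" value="GET"/>
        <Field name="RequestLine.RequestUri" value="http://localhost"/>
        <Field name="RequestLine.HttpVersion" value="HTTP/1.1"/>
        <Field name="HeaderHost.Value" value="http://localhost"/>
        <!-- Payload only; the CRLF separating headers from body is part of the DataModel -->
        <Field name="httpBody.content" value="fuzz"/>
    </Data>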
    
     <!--
       OPTIONS variant of the request: overrides the method, sets the request
       URI to "*" and empties the Host value. The ref="HttpGet" is expected to
       supply the remaining fields (HTTP version, body); confirm against the
       Peach version in use.
     -->
     <Data name="HttpOptions" ref="HttpGet">
         <Field name="RequestLine.Method" value="OPTIONS"/>
         <Field name="RequestLine.RequestUri" value="*"/>
         <Field name="HeaderHost.Value" value=""/>
     </Data>
    
     <!--
       One state, one action: send an HttpRequest populated from the HttpGet
       data set. No input action follows, so the response is not read or
       checked by this state model.
     -->
     <StateModel name="State1" initialState="Initial">
         <State name="Initial">
             <Action type="output">
                 <DataModel ref="HttpRequest"/>
                 <Data ref="HttpGet"/>
             </Action>
         </State>
     </StateModel>
    
    <!--
      Same shape as State1, but the request is populated from the HttpOptions
      data set. The "Default" test in this file references State1 only, so this
      state model is not run unless a test points at it.
    -->
    <StateModel name="State2" initialState="Initial">
        <State name="Initial">
            <Action type="output">
                <DataModel ref="HttpRequest"/>
                <Data ref="HttpOptions"/>
            </Action>
        </State>
    </StateModel>
    
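    <!--
      Test definition: runs State1 (the GET request) through a TcpClient
      publisher that connects to localhost on port 80, and writes run logs
      under the "logs" path.
      NOTE(review): the publisher is a TCP client, so the program under test
      has to be the listening side of the connection.
      NOTE(review): no Agent or Monitor is configured, so nothing in this pit
      observes the receiving process. Crashes or hangs in the target would go
      unnoticed unless an Agent with a debugger or process monitor is attached
      to it.
    -->
    <Test name="Default">
        <StateModel ref="State1"/>

        <Publisher class="TcpClient">
            <Param name="Host" value="localhost"/>
            <Param name="Port" value="80"/>
        </Publisher>

        <Logger class="File">
            <Param name="Path" value="logs"/>
        </Logger>
    </Test>
    <!-- Closes the root element opened at the top of the pit; the listing omitted it, which leaves the file not well-formed -->
    </Peach>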
    

    【讨论】:
