【发布时间】:2020-03-19 21:41:41
【问题描述】:
我在 Ubuntu 机器上使用 boofuzz 0.1.6。我正在尝试让 process_monitor_unix 连接到我想要进行模糊测试的服务器程序。当我启动 procmon 和我的脚本时,我在 procmon 上得到以下输出:
[05:47.20] Process Monitor PED-RPC server initialized:
[05:47.20] listening on: 0.0.0.0:26002
[05:47.20] crash file: /home/rico/PycharmProjects/iec104_server_fuzz/boofuzz-crash-bin
[05:47.20] # records: 0
[05:47.20] proc name: None
[05:47.20] log level: 1
[05:47.20] awaiting requests...
[05:47.24] updating target process name to './simple_server'
[05:47.24] updating stop commands to: [u'kill -SIGINT $(pidof simple_server)']
[05:47.24] updating start commands to: [u'/home/rico/iec60870/lib60870-master/lib60870-C/examples/cs104_server/simple_server']
[05:47.24] updating crash bin filename to 'boofuzz-crash-bin-2020-03-19T16-47-24'
[05:47.24] Starting target...
[05:47.24] starting target process
[05:47.24] done. waiting for start command to terminate.
APCI parameters:
t0: 10
t1: 15
t2: 10
t3: 20
k: 12
w: 8
输出“APCI 参数...”是每次服务器启动时发送的服务器消息。因此,我认为它已经启动并正在运行。我的问题是它没有响应传入的 tcp 包。 我的 fuzzscript 的输出如下:
[2020-03-19 17:47:24,314] Info: Web interface can be found at http://localhost:26000
[2020-03-19 17:47:24,316] Test Case: 1: activate->s_formatAPDU.no-name.1
[2020-03-19 17:47:24,316] Info: Type: Bytes. Default value: b'\x91\xef\xa5'. Case 1 of 270 overall.
[2020-03-19 17:47:24,316] Test Step: Calling procmon pre_send()
它卡在这个测试步骤中。 当我先启动服务器,然后是 procmon,然后是 fuzzscript 时,我收到以下错误:
[10:29.51] Process Monitor PED-RPC server initialized:
[10:29.51] listening on: 0.0.0.0:26002
[10:29.51] crash file: /home/rico/PycharmProjects/iec104_server_fuzz/boofuzz-crash-bin
[10:29.51] # records: 0
[10:29.51] proc name: None
[10:29.51] log level: 1
[10:29.51] awaiting requests...
[10:29.55] updating target process name to './simple_server'
[10:29.55] updating stop commands to: [u'kill -SIGINT $(pidof simple_server)']
[10:29.55] updating start commands to: [u'/home/rico/iec60870/lib60870-master/lib60870-C/examples/cs104_server/simple_server']
[10:29.55] updating crash bin filename to 'boofuzz-crash-bin-2020-03-19T21-29-55'
[10:29.55] Starting target...
[10:29.55] starting target process
[10:29.55] done. waiting for start command to terminate.
APCI parameters:
t0: 10
t1: 15
t2: 10
t3: 20
k: 12
w: 8
Starting server failed!
[10:29.56] searching for process by name "./simple_server"
Exception in thread Thread-1:
Traceback (most recent call last):
File "/usr/lib/python2.7/threading.py", line 801, in __bootstrap_inner
self.run()
File "/home/rico/.local/lib/python2.7/site-packages/boofuzz/utils/debugger_thread_simple.py", line 130, in run
self.spawn_target()
File "/home/rico/.local/lib/python2.7/site-packages/boofuzz/utils/debugger_thread_simple.py", line 115, in spawn_target
self.watch()
File "/home/rico/.local/lib/python2.7/site-packages/boofuzz/utils/debugger_thread_simple.py", line 166, in watch
for (pid, name) in _enumerate_processes():
File "/home/rico/.local/lib/python2.7/site-packages/boofuzz/utils/debugger_thread_simple.py", line 36, in _enumerate_processes
yield (pid, psutil.Process(pid).name())
File "/home/rico/.local/lib/python2.7/site-packages/psutil/__init__.py", line 346, in __init__
self._init(pid)
File "/home/rico/.local/lib/python2.7/site-packages/psutil/__init__.py", line 386, in _init
raise NoSuchProcess(pid, None, msg)
NoSuchProcess: psutil.NoSuchProcess no process found with pid 21574
现在这对我来说似乎很奇怪,因为 pid 21574 不是正在运行的服务器进程的 pid。现在有人对此有更多了解吗?即使是疯狂的猜测也值得赞赏! 如果您还需要其他信息,我很乐意提供。
【问题讨论】:
-
我会备份并确保您可以在没有进程监视器的情况下进行模糊测试。所以手动运行你的启动命令,然后启动模糊器,看看它是否有效。根据您的描述,情况可能已经如此。
-
接下来我要做的是手动启动服务器,然后使用
ps或类似的工具来检查进程列表和。一个示例命令是ps -wwauxf——您可以环顾四周,看看进程名称是什么。如果正在运行的服务器进程未命名为“./simple_server”,您可能希望通过 procmon 参数提供自定义名称。如果这能让你取得任何进展,请告诉我! -
您好,感谢您的回复。当我使用
ps aux搜索进程时,我得到的名称与我在脚本中编写的名称相同。我尝试将其更改为完整路径,并使用与启动命令相同的命令启动服务器。同样的错误。对我来说,procmon 似乎无法连接到正在运行的服务器。
标签: fuzzing process-monitoring boofuzz