A fork and successor of the Sulley Fuzzing Framework
default_value from string to bytes for FromFile.
s_update primitive was out of date.
BitField primitive.
Session.fuzz(name=name).
dep_value argument of Block to bytes and added type checks.
NETCONFConnection class.
Session arg db_filename to modify the location of the log database.
FuzzableBlock.
Bytes primitive to prevent incorrect use.
s_binary initialization.
Simple primitive that uses only the specified values for fuzzing.
Float primitive with support for IEEE 754 encoding.
Checksum primitive.
random.

This release brings some huge memory optimizations as we are now using iterators to generate the test case data. Boofuzz will no longer munch Gigabytes of RAM when fuzzing with large protocol definitions! Also check out the new object orientated method for defining protocols here.

Aligned block: Aligns content length to multiple of certain number of bytes.
Checksum, Size, etc. now resolve absolute and relative names. Block and primitive names no longer need to be globally unique within a message, they only need to be locally unique within a block.
TestCaseContext object to which one can save data to be used later in the test case. TestCaseSessionReference can be passed as a default value in a protocol definition. The name it references must have been saved by the time that message in the protocol is reached.
Fuzzable rewrite: Simpler definitions for new fuzz primitives. See static.py for an example of a very simple primitive.
ProcessMonitorLocal allows running procmon as part of fuzzer process.
UnixSocketConnection class.
current_message, previous_message.
Group primitives.
SocketConnection is now deprecated. Use the classes derived from BaseSocketConnection instead.
connections submodule.
SessionInfo has had attributes renamed; procmon_results and netmon_results are deprecated and now aliases for monitor_results and monitor_data respectively.
BoofuzzFailure exception type allows callback methods to signal a failure that should halt the current test case.
capture_output option to process monitor to capture target process stderr/stdout.
FileConnection to dump messages to files.
fuzz_data_logger, log_level, logfile, logfile_level and log().
FuzzLoggerFile.
crc32c is no longer a required package. Install manually if needed.
requests folder to request_definitions because it shadowed the name of the requests python module.
s_bytes which fuzzes an arbitrary length binary value (similar to s_string).
Black for code style standardization.
s_group primitive was not accepting empty default value.
examples/fuzz-ssl-server.py and examples/fuzz-ssl-client.py.
boo open.
fuzz_logger_curses.
sudo is no longer recommended, use the --user option of pip instead.
ignore_connection_ssl_errors session attribute that can be set to True to ignore SSL-related error on a test case.
s_from_file decoding in Python 2 (the encoding parameter is now deprecated).
s_checksum. It is possible to use a custom algorithm with this block.
console_gui to enable it. This has not been tested under Windows!
keep_web_open to allow analyzing the test results after test completion.
taskkill -F if taskkill fails.
restart_callbacks, pre_send_callbacks, and post_test_case_callbacks to hand over custom callback functions.
fuzz_db_keep_only_n_pass_cases. This allows saving only n test cases preceding a failure or error to the database.
Target recv function now accepts a max_recv_bytes argument.