SocketInjectingFuzzer is a dumb fuzzer, focused on applications working in a client-server architecture. It uses the LD_PRELOAD
trick to hook network sending functions (sendto
, send
, write
etc.) and mutates outgoing data using radamsa.
$ git clone https://github.com/mmmds/sif
$ cd sif
$ git clone --depth 1 https://gitlab.com/akihe/radamsa
$ cd radamsa/
$ CFLAGS="-fPIC" make lib/libradamsa.o
$ gcc -I`pwd`/radamsa/c -fPIC -shared -o fuzzer.o fuzzer.c radamsa/lib/libradamsa.o -ldl
LD_PRELOAD="/usr/lib/x86_64-linux-gnu/libasan.so.4 /home/mmm/sif/fuzzer.o" ./<app>
verbose
- useful for debugging (default0
)fuzz
- enable fuzzing (default1
)dump
- dump received network communication (default0
)seed
- seed for radamsa (random value if not set)repeat
- mutate and send every packet x more timeswait
- wait x seconds before fuzzing startsswitch_file
- fuzz only if given file existstarget_ip
- fuzz only given target (default127.0.0.1
)target_port
- fuzz only given port (all ports if not set)chance
- chance 1-100 for fuzzing a packet (default100
)
Example usage:
SIF_OPTIONS="fuzz=1:verbose=1:dump=1:dump_output=../:seed=123:skip=5:repeat=10:wait=3:switch_file=../1.switch:target_ip=127.0.0.1:target_port=80:chance=50" LD_PRELOAD="/usr/lib/x86_64-linux-gnu/libasan.so.4 /home/mmm/sif/fuzzer.o" ./<app>
- hook
sendto
- hook
send
,write
- error handling
-
Chocolate Doom, Crispy Doom
-
Teeworlds
-
Zandronum