3_mutationfuzzer.py
import random
from urllib.parse import urlparse
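def fuzzer(max_length=100, char_start=32, char_range=32):
    """Return a random string for use as unstructured fuzz input.

    Args:
        max_length: Upper bound (inclusive) on the length of the result.
            Negative values are treated as 0.
        char_start: Lowest code point that may appear in the result.
        char_range: Width of the code-point window. Code points are drawn
            from char_start through char_start + char_range, both ends
            inclusive, because random.randint() includes its upper bound.

    Returns:
        A string of 0..max_length characters.
    """
    # randint() includes both endpoints, so the bound is max_length itself;
    # the previous max_length + 1 allowed a result one character too long.
    length = random.randint(0, max(max_length, 0))
    # Build the string in one join instead of repeated += concatenation.
    return "".join(
        chr(random.randint(char_start, char_start + char_range))
        for _ in range(length)
    )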
def http_program(url):
    """Toy fuzz target: accept a URL only if it looks like an HTTP(S) URL.

    Only two properties are checked: the parsed scheme is "http" or "https",
    and the network location is non-empty. Nothing else about the URL (host
    syntax, port, userinfo, path) is validated, so this is a stand-in for a
    real program under test, not a URL safety filter.

    Args:
        url: The candidate URL string.

    Returns:
        True when both checks pass.

    Raises:
        ValueError: If the scheme is unsupported or the host part is empty.
    """
    allowed = ["http", "https"]
    parts = urlparse(url)

    scheme_ok = parts.scheme in allowed
    if not scheme_ok:
        raise ValueError("Scheme must be one of " + repr(allowed))

    if parts.netloc == "":
        raise ValueError("Host must be non-empty")

    # A real program would now act on the URL; the demo only reports success.
    return True
# Demonstrate how rarely purely random input gets past input validation.
# NOTE(review): with fuzzer()'s defaults as written in this file, the
# generated code points run from 32 to 64, a range that contains no letters,
# so the scheme check in http_program() cannot pass and "Success!" is never
# printed here. Rejected inputs surface as ValueError and are skipped.
for i in range(1000):
    try:
        url = fuzzer()
        result = http_program(url)
        print("Success!")
    except ValueError:
        continue

# Known-good seed input that the mutation operators below start from.
valid_url = "http://studip.uni-passau.de/courses/software-analysis.html?foo=bar"
def insert_character(str):
    """Return a copy of the input with one random character inserted.

    The insertion point is chosen uniformly from 0..len(str), so the new
    character may land before the first or after the last character. The
    character itself is drawn from code points 32..126.

    The parameter name shadows the builtin ``str``; it is kept as is because
    it is part of the function's signature.
    """
    cut = random.randint(0, len(str))
    new_char = chr(random.randrange(32, 127))
    return "".join((str[:cut], new_char, str[cut:]))
def delete_character(str):
    """Return a copy of the input with one randomly chosen character removed.

    An empty string has nothing to delete and is returned unchanged.
    """
    if str != "":
        victim = random.randint(0, len(str) - 1)
        return str[:victim] + str[victim + 1:]
    return str
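def replace_character(str):
    """Return a copy of the input with one character replaced at random.

    The position is chosen uniformly over the string and the replacement is
    drawn from code points 32..126 (it may equal the character it replaces).

    An empty string is returned unchanged, matching delete_character().
    Without this guard random.randint(0, -1) raises ValueError, so a mutation
    chain that shrank its input to "" would crash inside the fuzzer itself
    rather than in the program under test.
    """
    if str == "":
        return str
    pos = random.randint(0, len(str) - 1)
    return str[:pos] + chr(random.randrange(32, 127)) + str[pos + 1:]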
def mutate(str):
    """Apply one randomly selected mutation operator to the input.

    The operator is picked uniformly from insert_character,
    delete_character and replace_character, and its result is returned.
    """
    operators = (insert_character, delete_character, replace_character)
    chosen = random.choice(operators)
    mutated = chosen(str)
    return mutated
# Count how many single mutations of valid_url it takes to produce "https://".
# Every iteration mutates the pristine valid_url, never an earlier result,
# so a hit needs insert_character() to put an "s" directly after "http".
# The loop has no iteration cap and stops only once that happens.
count = 0
found = False
while not found:
    result = mutate(valid_url)
    found = "https://" in result
    count += 1

print("Found after %d iterations: %s" % (count, result))
# Chain mutations: each step mutates the previous result, so the input
# drifts further from the seed. The state is printed every fifth step.
seed_input = "http://www.google.com/search?q=fuzzing"
mutations = 50

inp = seed_input
for i in range(mutations):
    at_checkpoint = (i % 5 == 0)
    if at_checkpoint:
        print(i, "mutations:", repr(inp))
    inp = mutate(inp)