boofuzz
Handle "Protocol wrong type for socket" errors
Using the boofuzz-http sample, I repeatedly get the following error while fuzzing a generic http server:
[2019-03-04 00:51:10,958] Test Case: 496: Request.Request-URI.496
[2019-03-04 00:51:10,959] Info: Type: String. Default value: '/index.html'. Case 496 of 2984 overall.
[2019-03-04 00:51:10,960] Info: Opening target connection (127.0.0.1:8000)...
[2019-03-04 00:51:10,961] Info: Connection opened.
[2019-03-04 00:51:10,962] Test Step: Fuzzing Node 'Request'
[2019-03-04 00:51:10,967] Info: Sending 1000017 bytes...
[2019-03-04 00:51:10,969] Error!!!! Unexpected exception! Traceback (most recent call last):
File "/usr/local/lib/python2.7/site-packages/boofuzz/sessions.py", line 645, in _main_fuzz_loop
self._fuzz_current_case(*fuzz_args)
File "/usr/local/lib/python2.7/site-packages/boofuzz/sessions.py", line 1331, in _fuzz_current_case
self.transmit_fuzz(target, self.fuzz_node, path[-1], callback_data=callback_data)
File "/usr/local/lib/python2.7/site-packages/boofuzz/sessions.py", line 1025, in transmit_fuzz
self.targets[0].send(data)
File "/usr/local/lib/python2.7/site-packages/boofuzz/sessions.py", line 148, in send
num_sent = self._target_connection.send(data=data)
File "/usr/local/lib/python2.7/site-packages/boofuzz/socket_connection.py", line 234, in send
num_sent = self._sock.send(data)
error: [Errno 41] Protocol wrong type for socket
Traceback (most recent call last):
File "http.py", line 29, in <module>
main()
File "http.py", line 25, in main
session.fuzz()
File "/usr/local/lib/python2.7/site-packages/boofuzz/sessions.py", line 543, in fuzz
self._main_fuzz_loop(self._iterate_protocol())
File "/usr/local/lib/python2.7/site-packages/boofuzz/sessions.py", line 645, in _main_fuzz_loop
self._fuzz_current_case(*fuzz_args)
File "/usr/local/lib/python2.7/site-packages/boofuzz/sessions.py", line 1331, in _fuzz_current_case
self.transmit_fuzz(target, self.fuzz_node, path[-1], callback_data=callback_data)
File "/usr/local/lib/python2.7/site-packages/boofuzz/sessions.py", line 1025, in transmit_fuzz
self.targets[0].send(data)
File "/usr/local/lib/python2.7/site-packages/boofuzz/sessions.py", line 148, in send
num_sent = self._target_connection.send(data=data)
File "/usr/local/lib/python2.7/site-packages/boofuzz/socket_connection.py", line 234, in send
num_sent = self._sock.send(data)
socket.error: [Errno 41] Protocol wrong type for socket
This works just fine for me. You could try to set a short sleep_time to prevent overloading your target or whatever else.
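from boofuzz import Session, Target, SocketConnection

# sleep_time pauses between test cases so the target is not overloaded
session = Session(
    target=Target(
        connection=SocketConnection("10.88.45.2", 80, proto='tcp')
    ),
    sleep_time=0.1
)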
Does it always raise that error on the same test case?
@SR4ven I'll give that a try and get back to you. It's not on the same test case as far as I can tell.
I think it was indeed a problem with the service and not the library.
@serain Are you able to share the code that caused this issue (that is, the script you were using)? I'm curious because it would be nice for boofuzz to handle this error gracefully instead of crashing.
@jtpereyda I was getting this while fuzzing the reference DIAL server from this repo: https://github.com/Netflix/dial-reference
Both the server and boofuzz running on my macbook pro mojave 10.14.3
The code I used was your boofuzz-http repo.
I had similar issues when fuzzing an HTTP server on a different device. Whenever that device fully crashed or I pulled the network plug, boofuzz did too. In my case this is due to missing exception handling when opening a target/socket fails. https://github.com/jtpereyda/boofuzz/blob/b19142cdf8524d29175e2327c5223d4516458c19/boofuzz/sessions.py#L1337 Without looking at the code I feel like socket errors will stop the run most of the time, when retrying would be better.
@SR4ven good point about retries. Makes sense to me. Might as well keep retrying if you're just gonna crash anyway.
oh looks like there is an issue: https://github.com/jtpereyda/boofuzz/issues/193
related: https://github.com/jtpereyda/boofuzz/issues/201
Reopening: looks like boofuzz should handle "Protocol wrong type for socket" errors
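The retry behaviour suggested in this thread, sketched as an added example (not boofuzz code and not from any participant): a Python 3 send wrapper that reconnects when the target drops the socket mid-send instead of aborting the run. The names send_with_retry, tcp_factory and FlakyConn are hypothetical, and the choice of which errno values count as transient is an assumption.

```python
import errno
import socket
import time

# errno values treated as transient (an assumption of this example).
# EPROTOTYPE is the "Protocol wrong type for socket" error from the report.
RETRYABLE = {errno.EPROTOTYPE, errno.EPIPE, errno.ECONNRESET, errno.ECONNREFUSED}


def send_with_retry(open_conn, data, retries=3, delay=0.1):
    """Send data on a fresh connection, reconnecting on transient errors.

    open_conn: hypothetical zero-argument factory returning a connected
    socket-like object with sendall() and close().
    Returns the number of attempts used. Re-raises non-retryable errors, and
    the last error once `retries` attempts have failed.
    """
    for attempt in range(1, retries + 1):
        conn = None
        try:
            conn = open_conn()
            conn.sendall(data)
            return attempt
        except OSError as exc:
            if exc.errno not in RETRYABLE or attempt == retries:
                raise
            time.sleep(delay)  # give the target time to recover or restart
        finally:
            if conn is not None:
                conn.close()


def tcp_factory(host, port, timeout=5.0):
    """Factory for real TCP targets (host and port are caller-supplied)."""
    return lambda: socket.create_connection((host, port), timeout=timeout)


class FlakyConn:
    """Constructed stand-in for a target whose first sends fail."""
    failures_left = 2

    def sendall(self, data):
        if FlakyConn.failures_left > 0:
            FlakyConn.failures_left -= 1
            raise OSError(errno.EPROTOTYPE, "Protocol wrong type for socket")

    def close(self):
        pass
```

In a fuzzing loop, a test case that still fails after the last retry is worth logging as a possible target crash rather than discarding, since the payload that preceded it may be the cause.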