boofuzz icon indicating copy to clipboard operation
boofuzz copied to clipboard

Published 20 hours ago verified publisher icon jtpereyda

ProcessMonitor can't start target on Windows

Open fanjingwei opened this issue 3 years ago • 4 comments

I want to fuzz a web service with "ProcessMonitor".The OS is win10. The boofuzz run on python 3.8.3.The web server run on python 2.7.18. The fuzz code is like this in FuzzWithMon.py:

#!coding:utf8
from boofuzz import *

s_initialize(name="Request")
with s_block("Request-Line"):
    # LINE 1
    s_static("POST /BaseInfo HTTP/1.1\r\n", name="line1")

    # LINE 2
    s_static("Host: 127.0.0.1:8000\r\n", name="Host")

    # LINE 3  Content-Length:
    s_static('Content-Length')
    s_static(': ')
    s_size('data', output_format='ascii', fuzzable=True)    # 
    s_static('\r\n')

    # LINE 4-12
    ………………

with s_block('data'):
    s_static('{"name":')
    s_string('1')
    s_static(',"password":')
    s_string('2', max_len=1024)	
    s_static('}')

host = "127.0.0.1"
port = 8000

target_ip = "127.0.0.1"
start_cmd = ["python27.exe",  "C:\\software\\simpleWebServer\\webServer.py"] 
#start_cmd = ["calc.exe"] 
procMon = ProcessMonitor(target_ip, 26002)
procMon.set_options(start_commands=[start_cmd])
#procMon.set_options(proc_name="webServer")

session = Session(
    target=Target(
        connection=SocketConnection(host, port, proto='tcp'),
        monitor=[procMon]
    ),
    restart_sleep_time=0.1, 
    sleep_time=0.1,
)

session.connect(s_get('Request'))
session.fuzz()

I start fuzz like this:

  1. python process_monitor.py
  2. python FuzzWithMon.py

I can see the cmd is send to monitor but no web server is start,the print is like this:

C:\git_code\boofuzz>python process_monitor.py
[05:18.14] Process Monitor PED-RPC server initialized:
[05:18.14]       listening on:  0.0.0.0:26002
[05:18.14]       crash file:    C:\git_code\boofuzz\boofuzz-crash-bin
[05:18.14]       # records:     0
[05:18.14]       proc name:     None
[05:18.14]       log level:     1
[05:18.14] awaiting requests...
[05:18.22] updating start commands to: [['python27.exe', 'C:\\software\\simpleWebServer\\webServer.py']]

Has anyone ever had the same problem?thx

fanjingwei avatar Jun 22 '21 09:06 fanjingwei

Strange. Does starting calc.exe work? Which boofuzz version/commit are you using?

SR4ven avatar Jun 29 '21 20:06 SR4ven

No,just print "[09:57.47] updating start commands to: [['calc.exe']]" TmT The boofuzz version is 0.3.0, installed by pip

fanjingwei avatar Jun 30 '21 01:06 fanjingwei

Ok I was able to reproduce that problem on Windows; Linux works fine.

I currently don't have any debugger on Windows but I'll look into it when I find some time.

Thanks for reporting @fanjingwei!

SR4ven avatar Jun 30 '21 20:06 SR4ven

thx

fanjingwei avatar Jul 01 '21 03:07 fanjingwei