boofuzz icon indicating copy to clipboard operation
boofuzz copied to clipboard
verified publisher icon jtpereyda

Update sessions.py

Open siw3kosky opened this issue 3 years ago • 11 comments

  • Changed plain print about completion of fuzzing session into log info message.
  • Catching EOFError exception when all test cases are executed to not throw traceback.

siw3kosky avatar Mar 31 '22 09:03 siw3kosky

Thanks @siw3kosky ! In what situation does the EOFError happen? Sometimes the test cases can end and not throw an EOFError, right?

jtpereyda avatar Apr 01 '22 14:04 jtpereyda

Unfortunately, in my case, I always got Fuzzing session completed.... message followed by traceback in sessions.py in _main_fuzz_loop function in input() call with message EOFError: EOF when reading a line after last test case. So in my environment boofuzz is not finishing his job gracefully :(

siw3kosky avatar Apr 01 '22 16:04 siw3kosky

@siw3kosky how do you execute the boofuzz script? Is it possible that the terminal doesn't support stdin? EOFError indicates that an EOF was received before any other input. https://stackoverflow.com/questions/12547683/python-3-eof-when-reading-a-line-sublime-text-2-is-angry

Maybe we should put a try catch directly around input() for use cases where no stdin is available.

SR4ven avatar Apr 01 '22 21:04 SR4ven

I executed it directly from the ubuntu shell and via vscode. In both situations traceback appears at the end. I thing that it is not possible that the terminal doesn't support stdin.

Maybe we should put a try catch directly around input() for use cases where no stdin is available.

I think thats also a good solution, should I create new pull request? :)

siw3kosky avatar Apr 04 '22 08:04 siw3kosky

@siw3kosky We should trace down that error and figure out why it's happening -- ideally we shouldn't cause the exception in the first place if we can help it. Could you share a very simple script that reproduces the problem?

jtpereyda avatar Apr 04 '22 14:04 jtpereyda

Ok gentlemen, after a short investigation I know why it is happening.

Is it possible that the terminal doesn't support stdin?

I run my script with multiprocessing, so it is running in the background. When a process runs in the background, I can't send input to the process via terminal and hence input() can't work.

siw3kosky avatar Apr 06 '22 11:04 siw3kosky

@siw3kosky That makes sense! Which python library are you using for multithreading?

In the case of multithreading, does it still make sense to leave the web server open for a time?

jtpereyda avatar Apr 06 '22 14:04 jtpereyda

I am using multiprocessing. I think that it still make sense to leave the web server open for a time.

siw3kosky avatar Apr 06 '22 18:04 siw3kosky

@siw3kosky are you able to share an example script showing how you run the fuzzer with multiprocessing? This sounds like an interesting use case that would be cool to support.

If nothing else, I would wrap a try/except directly around the input() line. But I'm sure there's a more appropriate way to handle the use case.

jtpereyda avatar Apr 08 '22 03:04 jtpereyda

We could also detect if the shell is interactive or not. https://stackoverflow.com/questions/2356399/tell-if-python-is-in-interactive-mode But I guess simply trying and possibly catching the exception would be a more pythonic way. How would we keep the webinterface open in a multithreaded context? Sleep indefinitely?

SR4ven avatar Apr 08 '22 20:04 SR4ven

I think it depends on the threading scheme being used. I was hoping @siw3kosky could share the approach being used.

jtpereyda avatar Apr 09 '22 20:04 jtpereyda