
Modifying target's port # in the current session! #73

Open
moein86 opened this issue Mar 25, 2015 · 2 comments

@moein86

moein86 commented Mar 25, 2015

Hi,

I am relatively new to Sulley and sorry for asking premature questions, in advance.

I am trying to write a fuzzer for a TFTP Server and I would like to go deep within the protocol. For example, below you may see my requests in order:

```python
from sulley import *

# Assumed setup, not in the original post: a UDP session whose first target is the
# TFTP server; the request blocks "wr_pkt", "rd_pkt", "data_pkt", "ack_pkt" and
# "err_pkt" are defined elsewhere with s_initialize(), and Get_Block_no is the
# user's callback that extracts the block number from the server's reply.
s = sessions.session(proto="udp")
s.add_target(sessions.target("127.0.0.1", 69))

s.connect(s_get("wr_pkt"))    # Fuzz the write request packet.
s.connect(s_get("rd_pkt"))    # Fuzz the read request packet.
s.connect(s_get("data_pkt"))  # Fuzz the data packet.
s.connect(s_get("ack_pkt"))   # Fuzz the Ack packet.
s.connect(s_get("err_pkt"))   # Fuzz the Error packet.

# Get the Ack packets from the server, which contain the block number, so that
# you can fuzz the data packets consecutively.
s.connect(s_get("wr_pkt"), s_get("data_pkt"), callback=Get_Block_no)

# Server responds back with the data, and you fuzz the ack packets consecutively.
s.connect(s_get("rd_pkt"), s_get("ack_pkt"), callback=Get_Block_no)

# Server responds back with the data, and you fuzz the err packets consecutively.
s.connect(s_get("rd_pkt"), s_get("err_pkt"))
```

So, when I send a request to the server on port 69, it responds back with a random port and establishes the connection on the new port. So, my problem is when the port number changes then I need to redirect my requests on the new port so that I can continue fuzzing deep into the protocol.

Is there any way to retrieve the new port from the socket and modify the target's port number in the current session?!

Your help would be so much appreciated!

Thanks.

@Fitblip
Member

Fitblip commented Mar 29, 2015

Hrm, I don't know of a good way to do that off the top of my head.

What you COULD do is hook the low level socket functions on the client you're attempting to fuzz and always have it connect back on the same port.

@fuzzyboy

fuzzyboy commented May 7, 2015

Hi,
I think you can change the port dynamically in the callback function, by setting `sess.target[0].port = new_port`, where `sess` is the session given as an argument of the callback function.
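As an added example (not from Sulley and not from anyone in this thread) of the TFTP behaviour moein86 describes: the server answers the request sent to port 69 from a fresh ephemeral port (its transfer identifier, TID), so a client must read that port from the source address of the reply, not from anything in the packet body, and send every later packet there. The in-process server, the file name and the 16-byte payload are constructed stand-ins; the listening socket uses an ephemeral port in place of 69 so the example runs unprivileged.

```python
import socket
import struct
import threading
OP_WRQ, OP_DATA, OP_ACK = 2, 3, 4   # TFTP opcodes (RFC 1350)

def build_wrq(filename, mode="octet"):
    return struct.pack("!H", OP_WRQ) + filename.encode() + b"\0" + mode.encode() + b"\0"

def build_data(block, payload):
    return struct.pack("!HH", OP_DATA, block) + payload

def parse_ack(pkt):
    # Block number of an ACK; None for a short packet or any other opcode.
    opcode, block = struct.unpack("!HH", pkt[:4]) if len(pkt) >= 4 else (None, None)
    return block if opcode == OP_ACK else None

def fake_tftp_server(listen_sock):
    # Constructed stand-in for a TFTP server: the request arrives on the well-known
    # socket, but every later packet comes from a fresh socket with its own port (TID).
    pkt, client = listen_sock.recvfrom(516)
    tid_sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tid_sock.bind(("127.0.0.1", 0))
    tid_sock.sendto(struct.pack("!HH", OP_ACK, 0), client)   # ACK 0 accepts the WRQ
    data, _ = tid_sock.recvfrom(516)
    tid_sock.sendto(struct.pack("!HH", OP_ACK, struct.unpack("!H", data[2:4])[0]), client)
    tid_sock.close()

def write_following_tid(server, filename, payload):
    # Send the WRQ to the well-known port, take the new port from the source
    # address of the ACK, and send the DATA packet to that port instead.
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client.settimeout(2)
    client.sendto(build_wrq(filename), server)
    ack0, (host, tid) = client.recvfrom(516)      # tid != server port
    client.sendto(build_data(1, payload), (host, tid))
    ack1, _ = client.recvfrom(516)
    client.close()
    return server[1], tid, [parse_ack(ack0), parse_ack(ack1)]

def demo():
    listen = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listen.bind(("127.0.0.1", 0))                 # ephemeral port stands in for 69
    worker = threading.Thread(target=fake_tftp_server, args=(listen,))
    worker.start()
    result = write_following_tid(listen.getsockname(), "fuzz.bin", b"A" * 16)
    worker.join()
    listen.close()
    return result
```

A Sulley callback that wants to keep fuzzing past the first exchange has to do the same thing: record the peer port of the reply and point the session's target at it before the next node is sent.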
