Releases: jtpereyda/boofuzz
v0.4.2 -- Cleanup, maintenance and fixes
Features
- Remove six compatibility module.
- Remove Python 2 compatibility code.
- Remove specifying object inheritance in classes.
- Added Web UI listening on specific IP address.
- Added Python 3.11 compatibility.
Fixes
- Specified encoding on file write rather than assuming default encoding.
- Changed type of `default_value` from string to bytes for `FromFile`.
- `s_update` primitive was out of date.
- The minimum supported Python version is now 3.8.
- Removed duplicates from `BitField` primitive.
- Fixed unwanted deprecation warning when using `Session.fuzz(name=name)`.
- Changed type of `dep_value` argument of `Block` to bytes and added type checks.
- Split sessions.py into multiple files.
- Using poetry as package build system.
v0.4.1 -- Custom log database location, NETCONF connection and fixes
Features
- Added support for fuzzing NETCONF servers with the `NETCONFConnection` class.
- Add support and tests for Python 3.10.
- Added `Session` arg `db_filename` to modify the location of the log database.
Fixes
- Fixed check for when to enable the web app.
- Documented the possibility to disable the web app.
- Correctly initialize all children of a request which inherits from `FuzzableBlock`.
- Added type checking for arguments of `Bytes` primitive to prevent incorrect use.
- Fixed TypeError in `s_binary` initialization.
- Remove redundant unicode strings.
v0.4.0 -- Combinatorial fuzzing and fuzzing CLI
Features
- Fuzzing CLI -- Use main_helper() to use boofuzz's generic fuzzing CLI with your script.
- Combinatorial fuzzing -- now fuzzes multiple mutations at once by default.
- Test cases can now be specified and re-run by name.
- Implemented visual request-graph rendering functions for Session.
- Added to web UI: runtime, exec speed, current test case name.
- Added simple custom checksum and example usage.
- Added `Simple` primitive that uses only the specified values for fuzzing.
- Added `Float` primitive with support for IEEE 754 encoding.
- Added an example for s_float/Float usage.
Fixes
- Clarified documentation of custom checksum function for `Checksum` primitive.
- String and RandomData primitives now use a local and independent instance of `random`.
- The minimum supported Python version is now 3.6.
- Fixed two memory leaks in the fuzz logger.
v0.3.0 -- Huge memory optimization
This release brings some huge memory optimizations as we are now using iterators to generate the test case data. Boofuzz will no longer munch Gigabytes of RAM when fuzzing with large protocol definitions!
Also check out the new object oriented method for defining protocols here.
Features
- Memory optimization: Efficient mutation generation and smarter string reuse -- decrease memory consumption by orders of magnitude.
- `Aligned` block: Aligns content length to multiple of certain number of bytes.
- Relative names: Name references for `Checksum`, `Size`, etc. now resolve absolute and relative names. Block and primitive names no longer need to be globally unique within a message, they only need to be locally unique within a block.
- Passing data between messages: Callbacks now have a `TestCaseContext` object to which one can save data to be used later in the test case. `TestCaseSessionReference` can be passed as a default value in a protocol definition. The name it references must have been saved by the time that message in the protocol is reached.
- `Fuzzable` rewrite: Simpler definitions for new fuzz primitives. See `static.py` for an example of a very simple primitive.
- Protocol definition: Protocols can now be defined with an object oriented rather than static approach.
- Independent mutation and encoding steps: Will enable multiple mutations and code coverage feedback.
- Procmon: Additional debug steps. Partial backwards compatibility for old interface. `ProcessMonitorLocal` allows running procmon as part of fuzzer process.
- Network monitor: improved network interface discovery (Linux support).
- Added support for fuzzing Unix sockets with the `UnixSocketConnection` class.
- Added metadata to ProtocolSession to support callbacks -- `current_message`, `previous_message`.
- All primitive arguments are now optional keyword arguments.
Fixes
- Various web interface fixes.
- Various refactors and simplifications.
- Fewer duplicates from `Group` primitives.
- Network monitor: fixed data_bytes calculation and PcapThread synchronization.
- Fixed a crash when using the network monitor.
- Session can now be "quiet" by passing an empty list of loggers.
- Process Monitor: fixed Thread.isAlive for Python 3.9 compatibility.
- Correctly truncate values of the string primitive when max_len or size is set.
- The string primitive will no longer generate duplicates when max_len or size is set.
- Greatly improved string to bytes conversion speed.
v0.2.1 -- TFTP Example and Fixes
Features
- Added simple TFTP fuzzer example.
Fixes
- Fixed UDPSocketConnection data truncation when sending more data than the socket supports.
- Fixed execution of procmon stop_commands.
- Fixed TCP and SSL server connections.
v0.2.0 -- Monitor and Connection Interface Rework & Fixes
Features
- Rewrote and split the SocketConnection class into individual classes per socket type. `SocketConnection` is now deprecated. Use the classes derived from `BaseSocketConnection` instead.
- Added support for receiving on raw Layer 2 and Layer 3 connections.
- Layer 2 and Layer 3 connections may now use arbitrary payload / MTU sizes.
- Moved connection related modules into new `connections` submodule.
- Added the ability to repeat sending of packets within a given time or count.
- Added optional timeout and threshold to quit infinite connection retries.
- Reworked Monitors, consolidated interface. Breaking change: session no longer has netmon_options and procmon_options. `SessionInfo` has had attributes renamed; procmon_results and netmon_results are deprecated and now aliases for monitor_results and monitor_data respectively.
- New `BoofuzzFailure` exception type allows callback methods to signal a failure that should halt the current test case.
- Added `capture_output` option to process monitor to capture target process stderr/stdout.
- Added post-start-target callbacks (called every time a target is started or restarted).
- Added method to gracefully stop PED-RPC Server.
- Added new boofuzz logo and favicon to docs and web interface.
- Added `FileConnection` to dump messages to files.
- Removed deprecated session arguments `fuzz_data_logger`, `log_level`, `logfile`, `logfile_level` and `log()`.
- Removed deprecated logger `FuzzLoggerFile`.
- `crc32c` is no longer a required package. Install manually if needed.
Fixes
- Fixed size of s_size block when output is ascii.
- Fixed issue with tornado on Python 3.8 and Windows.
- Fixed various potential type errors.
- Renamed `requests` folder to `request_definitions` because it shadowed the name of the `requests` python module.
- Examples are up to date with current Boofuzz version.
- Modified timings on serial_connection unit tests to improve test reliability.
- Refactored old unit-tests.
- Fixed network monitor compatibility with Python 3.
- Minor console GUI optimizations.
- Fixed crash_threshold_element handling if blocks are used.
- Fixed many bugs in which a failure would not stop the test case evaluation.
v0.1.6 -- Lots of Tweaks & Fixes
Features
- New primitive `s_bytes` which fuzzes an arbitrary length binary value (similar to `s_string`).
- We are now using `Black` for code style standardization.
- Compatibility for Python 3.8.
- Added crc32c as checksum algorithm (Castagnoli).
- Added favicon for web interface.
- Pushed Tornado to 5.x and unpinned Flask.
Fixes
- Test cases were not being properly closed when using the check_message() functionality.
- Some code style changes to meet PEP8.
- `s_group` primitive was not accepting empty default value.
- Timeout during opening TCP connection now raises BoofuzzTargetConnectionFailedError exception.
- SSL/TLS works again. See `examples/fuzz-ssl-server.py` and `examples/fuzz-ssl-client.py`.
- Dropped six.binary_type in favor of b"" format.
- Fixed process monitor handling of backslashes in Windows start commands.
- Fixed and documented `boo open`.
- Fixed receive function in `fuzz_logger_curses`.
- Installing boofuzz with `sudo` is no longer recommended, use the `--user` option of pip instead.
- Fixed setting socket timeout options on Windows.
- If all sockets are exhausted, repeatedly try fuzzing for 4 minutes before failing.
- Fixed CSV logger send and receive data decoding.
- Handle SSL-related exception. Added `ignore_connection_ssl_errors` session attribute that can be set to True to ignore SSL-related errors on a test case.
- Fixed `s_from_file` decoding in Python 2 (the encoding parameter is now deprecated).
- Updated documentation of `s_checksum`. It is possible to use a custom algorithm with this block.
v0.1.5 -- Text UI, Python 3 Compatibility, and Mechanical Tweaks
Features
- New curses logger class to provide a console GUI similar to the web interface. Use the session option `console_gui` to enable it. This has not been tested under Windows!
- Compatibility for Python 3.
- Large test cases are now truncated, unless a failure is detected.
- When a target fails to respond after restart, boofuzz will now continue to restart instead of crashing.
- New Session option `keep_web_open` to allow analyzing the test results after test completion.
- Process monitor creates new crash file for each run by default.
- Long lines now wrap in web view; longer lines no longer need to be truncated.
- Process monitor now stores crash bins in JSON format instead of pickled format.
- Process monitor in Windows will use `taskkill -F` if `taskkill` fails.
Fixes
- Web server no longer crashes when asked for a non-existing test case.
- EINPROGRESS socket error is now handled while opening a socket (note: this sometimes-transient error motivated the move to retry upon connection failure)
v0.1.4 -- Save Your Hard Drive
Features
- New Session options `restart_callbacks`, `pre_send_callbacks`, and `post_test_case_callbacks` to hand over custom callback functions.
- New Session option `fuzz_db_keep_only_n_pass_cases`. This allows saving only n test cases preceding a failure or error to the database.
- Added logic to find next available port for web interface or disable the web interface.
- Removed sleep logs when sleep time is zero.
Fixes
- Windows process monitor now handles combination of proc_name and/or start_commands more reasonably.
- Windows process monitor handles certain errors more gracefully.
- Fixed target close behavior so post send callbacks can use the target.
- Fixed a dependency issue in installation.
v0.1.3 -- Client Fuzzing
Features
- Socket Connections now allow client fuzzing.
- Log only the data actually sent, when sending is truncated. Helps reduce database size, especially when fuzzing layer 2 or 3.
- `Target` `recv` function now accepts a `max_recv_bytes` argument.
Fixes
- Fixed install package -- now includes JavaScript files.