工具:peach-3.1.124-win-x64-release, 免费community版本
peach安装后,Sample目录下有很多测试套的示例,基于这些测试套,本次试用String和Number两个常用的数据类型,并测试ConsoleHex,File和Tcp三个发包器。fuzz的数据结果,可以判断是否满足我们的要求,帮助我们了解和学习peach fuzz这个工具。
pits测试套内容,随意保存为.xml文件只peach的pits目录下:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 |
<?xml version="1.0" encoding="utf-8"?> <Peach xmlns="http://peachfuzzer.com/2012/Peach" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://peachfuzzer.com/2012/Peach ../peach.xsd"> <DataModel name="t_String"> <String value="Hello World!" /> </DataModel> <DataModel name="t_NumericString"> <String value="1234"> <Hint name="NumericString" value="true"/> </String> </DataModel> <DataModel name="t_Time"> <String value="2019" /> <String value="-" mutable="false"/> <String value="03" /> <String value="-" mutable="false"/> <String value="27"/> <String value=" " mutable="false"/> <String value="21"/> <String value=":" mutable="false"/> <String value="15"/> <String value=":" mutable="false"/> <String value="55"/> </DataModel> <DataModel name="t_Number"> <Number name="t_number" value="ABCDEF10ABCDEF10" valueType="hex" size="64" /> <String mutable="false" value="\n" /> </DataModel> <DataModel name="tcp_Recv"> <Blob/> </DataModel> <StateModel name="State" initialState="State1" > <State name="State1" > <!-- <Action type="output" > <DataModel ref="t_Number"/> </Action> <Action type="output" > <DataModel ref="t_String" /> </Action>--> <!-- <Action type="output" > <DataModel ref="t_Time" /> </Action>--> <Action type="output" > <DataModel ref="t_NumericString" /> </Action> <!--当Publish不是Tcp时,请注释掉input--> <Action type="input" > <DataModel ref="tcp_Recv" /> </Action> </State> </StateModel> <Test name="Default"> <StateModel ref="State"/> <!-- <Publisher class="ConsoleHex" />--> <!-- <Publisher class="File" > <Param name="FileName" value="number.log" /> <Param name="Overwrite" value="false" /> <Param name="Append" value="true" /> </Publisher>--> <Publisher class="Tcp" > <Param name="Host" value="127.0.0.1"/> <Param name="Port" value="9999"/> </Publisher> <Strategy class="Random"> <Param name="MaxFieldsToMutate" value="15"/> <Param name="SwitchCount" value="100"/> </Strategy> </Test> </Peach> <!-- end --> |
python3.6模拟Tcpv4服务端:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
import socketserver from hexdump import hexdump class srvHandle(socketserver.BaseRequestHandler): def handle(self): rdata = self.request.recv(4096) hexdump(rdata) self.request.send(b'received') if __name__ == "__main__": srvSocket = socketserver.TCPServer(('127.0.0.1', 9999), srvHandle) srvSocket.serve_forever() |