0

I made a simple TCP fuzzer in Python. I need it to be able to receive some response and if I didn't get the response, break the loop. My code is this:

import socket
from time import sleep
import sys

ip = raw_input ("please insert host ip: ")
port = input ("please insert port to fuzz: ")
packet = raw_input ("what string would you like to fuzz with? :  ")
multi = input ("in what jumps would you liike to multiply the string ? (10 = A*10) : ")
host = ip, port
s = socket.socket()
char = packet * multi
a = 1

try:
    while a > 0:
        s.connect((host))
        s.send(packet)
        sleep(1) 
        print 'fuzzing param %s' % (packet)
        packet = char + packet 
        s.close()
except (Exception):
    print "Connection lost for some reason"'

But when I run the program I get this error:

please insert host ip: 10.0.0.138
please insert port to fuzz: 80
what string would you like to fuzz with? :  A
in what jumps would you liike to multiply the string ? (10 = A*10) : 2
fuzzing param A
Connection lost

which is weird because it just suppose to reconnect in an endless loop , (i know the server didn't crush)

4

2 に答える 2

2

The remote endpoint simply hung up, probably because the data you send doesn't match the format it expects.

You can either create a new connection every time the remote end hangs up, or send a data in the format that the remote end expects. For example, if the remote end is an HTTP server, you may want to send the request line first, and then the fuzzed part, like this:

GET / HTTP/1.0
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
于 2012-07-15T10:41:55.087 に答える
1

When you fuzz testing (and in general) it is very important to handle errors. You should expect that something will get wrong when you are sending Gibberish to your server. So I suggest that you wrap the calls with try ... except ... finally: s.close() clause. And print debug messages to see when you are fail to send and start see why - You don't know how the server react to what you send, and you might just have killed the server after the first call...

于 2012-07-15T11:16:21.017 に答える