Comments (8)
Hi, thanks for you interest in Manul. There is experimental support for stdin fuzzing. check it out here:
Line 86 in 8dd10a1
from manul.
Hey is that for stdin or passing commands ?
In other news I tried that but it still wants the @@ and I get an error.
This error only occures when I uncomment cmd_fuzzing = True
Traceback (most recent call last):
File "/usr/lib/python3.7/multiprocessing/process.py", line 297, in _bootstrap
self.run()
File "/usr/lib/python3.7/multiprocessing/process.py", line 99, in run
self._target(*self._args, **self._kwargs)
File "./manul.py", line 993, in run_fuzzer_instance
fuzzer_instance.run() # never return
File "./manul.py", line 851, in run
self.dry_run()
File "./manul.py", line 594, in dry_run
cmd = self.prepare_cmd_to_run(full_input_file_path, False)
File "./manul.py", line 482, in prepare_cmd_to_run
final_string = final_string.replace("@@", target_file_path)
TypeError: replace() argument 2 must be str, not bytearray
The file I'm trying to fuzz is just a little test code to check the fuzzer.
from manul.
Test code as in a simple buffer overflow to test the stdin
from manul.
Well, that's a bug if it doesn't work :)
from manul.
That's why I'm reporting it. I uncommented cmd_fuzzing and this happens. I actually might not be able to do a PR in this case, because I don't know the issue. You could try a str(target_file_path), but what do I know. You programmed this, you're obviously more quilified than me.
from manul.
Am supposed to uncomment it are leave it commented?
from manul.
Do you need help fixing the bug? Can't say I can help much. I know python, but I don't know how you programmed this. I would have to study your codying style. Not to mention study how manul identifies input as a "crash".
from manul.
I'm also keen on using Manul if it can provide stdin like afl does with an afl-like "--" option. In my scenario I have a simple that when run, prompts for a user name and password but that has a deliberate buffer overflow issue. afl finds it when executed like this: afl-fuzz -i in/ -o out/ <binary>
I tried the Manul command line option as the closest fit (i.e. not actually stdin) and got the same crash as @KittyTechnoProgrammer . Python 3.6 on Ubuntu 18.04 LTS using a clean purpose made virtual environment for Manul testing.
from manul.
Related Issues (20)
- AttributeError: 'ModuleNotFoundError' object has no attribute 'message'
- ModuleNotFoundError: No module named 'adamsa' HOT 2
- Suggest : Stdin option (Like afl) HOT 2
- Suggest : verbose option HOT 3
- Crashes saved aren't really crashes HOT 2
- Windows test32/64 DR client crash
- windows issues HOT 4
- Add Radamsa as a library HOT 1
- It seems afl mutator never grows a buffer HOT 14
- It seems manul afl new path not increase on windows, but winafl can detected more path for same exe HOT 14
- Manul reports exception instead of crash in forkmode
- Integrate manul with FuzzBench HOT 1
- Add/test support of __afl_persistent_loop
- test_network.exe fuzzing config?
- Problem with crash detection in the fuzzstati0n/fuzzgoat project? HOT 2
- Performance manul vs afl++ HOT 1
- real path of input file HOT 7
- [Linux] Some python bugs (with fix) in dbi driver
- [linux] dbi mode doesn't work (as expected) HOT 1
- FileNotFoundError: [Errno 2] No such file or directory: 'manul.config'
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from manul.