Comments (8)
mxmssh
commented on July 2, 2024
Hi, thanks for you interest in Manul. There is experimental support for stdin fuzzing. check it out here:
Line 86 in 8dd10a1
from manul.
Techno-Fox
commented on July 2, 2024
Hey is that for stdin or passing commands ?
In other news I tried that but it still wants the @@ and I get an error.
This error only occures when I uncomment cmd_fuzzing = True
Traceback (most recent call last):
File "/usr/lib/python3.7/multiprocessing/process.py", line 297, in _bootstrap
self.run()
File "/usr/lib/python3.7/multiprocessing/process.py", line 99, in run
self._target(*self._args, **self._kwargs)
File "./manul.py", line 993, in run_fuzzer_instance
fuzzer_instance.run() # never return
File "./manul.py", line 851, in run
self.dry_run()
File "./manul.py", line 594, in dry_run
cmd = self.prepare_cmd_to_run(full_input_file_path, False)
File "./manul.py", line 482, in prepare_cmd_to_run
final_string = final_string.replace("@@", target_file_path)
TypeError: replace() argument 2 must be str, not bytearray
The file I'm trying to fuzz is just a little test code to check the fuzzer.
from manul.
Techno-Fox
commented on July 2, 2024
Test code as in a simple buffer overflow to test the stdin
from manul.
mxmssh
commented on July 2, 2024
Well, that's a bug if it doesn't work :)
from manul.
Techno-Fox
commented on July 2, 2024
That's why I'm reporting it. I uncommented cmd_fuzzing and this happens. I actually might not be able to do a PR in this case, because I don't know the issue. You could try a str(target_file_path), but what do I know. You programmed this, you're obviously more quilified than me.
from manul.
Techno-Fox
commented on July 2, 2024
Am supposed to uncomment it are leave it commented?
from manul.
Techno-Fox
commented on July 2, 2024
Do you need help fixing the bug? Can't say I can help much. I know python, but I don't know how you programmed this. I would have to study your codying style. Not to mention study how manul identifies input as a "crash".
from manul.
huornlmj
commented on July 2, 2024
I'm also keen on using Manul if it can provide stdin like afl does with an afl-like "--" option. In my scenario I have a simple that when run, prompts for a user name and password but that has a deliberate buffer overflow issue. afl finds it when executed like this: afl-fuzz -i in/ -o out/ <binary>
I tried the Manul command line option as the closest fit (i.e. not actually stdin) and got the same crash as @KittyTechnoProgrammer . Python 3.6 on Ubuntu 18.04 LTS using a clean purpose made virtual environment for Manul testing.
from manul.
Related Issues (20)
- AttributeError: 'ModuleNotFoundError' object has no attribute 'message'
- ModuleNotFoundError: No module named 'adamsa' HOT 2
- Suggest : Stdin option (Like afl) HOT 2
- Suggest : verbose option HOT 3
- Crashes saved aren't really crashes HOT 2
- Windows test32/64 DR client crash
- windows issues HOT 4
- Add Radamsa as a library HOT 1
- It seems afl mutator never grows a buffer HOT 14
- It seems manul afl new path not increase on windows, but winafl can detected more path for same exe HOT 14
- Manul reports exception instead of crash in forkmode
- Integrate manul with FuzzBench HOT 1
- Add/test support of __afl_persistent_loop
- test_network.exe fuzzing config?
- Problem with crash detection in the fuzzstati0n/fuzzgoat project? HOT 2
- Performance manul vs afl++ HOT 1
- real path of input file HOT 7
- [Linux] Some python bugs (with fix) in dbi driver
- [linux] dbi mode doesn't work (as expected) HOT 1
- FileNotFoundError: [Errno 2] No such file or directory: 'manul.config'
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from manul.