This is an attempt at building a fuzzer that uses American Fuzzy Lop's instrumentation, but in Python. Currently it doesn't do much.
As of today, I hadn't rewritten afl-gcc/afl-as, so you need to use American
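// Service-worker fetch interceptor: a request inside the worker's scope whose
// path ends in ".worker" is answered locally with a fixed HTML snippet instead
// of going to the network; any other request is left alone (no respondWith).
//
// The match is made on the URL's pathname rather than on the raw URL string,
// so "/x.worker?foo=1" still matches and "/index.html?q=.worker" does not.
const isWorkerRequest = (url) => new URL(url).pathname.endsWith('.worker');

self.addEventListener('fetch', (ev) => {
  if (!isWorkerRequest(ev.request.url)) {
    return;
  }
  // The body is a constant literal, not derived from the request, so serving
  // it as text/html does not reflect any attacker-controlled content.
  ev.respondWith(
    new Response('<strong>Ten URL istnieje!</strong>', {
      headers: { 'Content-type': 'text/html' },
    }),
  );
});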
<!doctype html> | |
<html> | |
<head> | |
<script> | |
navigator.serviceWorker.register('/sw.js').catch(e=>console.error('Ups!' + e)) | |
</script> | |
</head> | |
<body> | |
Tutaj nic nie ma. | |
</body> |
<!doctype html> | |
<html> | |
<head> | |
<script> | |
navigator.serviceWorker.register('/sw.js').catch(e=>console.error('Ups!' + e)) | |
</script> | |
</head> | |
<body> | |
Tutaj nic nie ma. | |
</body> |
#!/usr/bin/python | |
import subprocess | |
import threading | |
import Queue | |
import math | |
# Placeholder sample data; whatever consumes it is not visible in this fragment.
SOME_LIST = [1, 2, 3]

# Presumably the timeout (in seconds) handed to blocking Queue/subprocess waits
# elsewhere in the script -- confirm against the callers.
WAIT_TIMEOUT = 1.0
#!/usr/bin/env python | |
import os | |
import subprocess | |
import re | |
# Local file name for the Debian testing/amd64 package index: the mirror path
# with every '/' flattened to '_' so the file lands in the working directory.
fname = 'debian/dists/testing/main/binary-amd64/Packages.xz'.replace('/', '_')

# Single-line shell pipeline that fetches the compressed index from the mirror
# and decompresses it into fname (the leading newline is harmless to a shell).
# NOTE(review): the index is fetched over plain HTTP and is never checked
# against the mirror's signed Release file, so an on-path attacker can serve a
# tampered package list -- verify it before trusting its contents. curl is
# also run without -f/--fail, so an HTTP error page would be piped into xzcat
# rather than aborting the download.
cmd = ('\ncurl http://ftp.vectranet.pl/debian/dists/testing/main/'
       'binary-amd64/Packages.xz | xzcat > ' + fname)
vimdiff <( awk -F$'\t' '{ printf "%s\t%s\n", $1, $2 }' < ~/.nmap/nmap-services ) iana3.csv |
diff --git a/afl-fuzz.c b/afl-fuzz.c | |
index ad9da19..adb233f 100644 | |
--- a/afl-fuzz.c | |
+++ b/afl-fuzz.c | |
@@ -44,6 +44,7 @@ | |
#include <fcntl.h> | |
#include <termios.h> | |
#include <dlfcn.h> | |
+#include <netdb.h> | |
execve("/home/d/workspace/afl-1.86b/afl-cmin", ["/home/d/workspace/afl-1.86b/afl-"..., "-i", "i", "-o", "o2", "-m", "none", "-t", "800", "--", "./psql", "host=127.0.0.1 port=5432 dbname="..., "-c", "select now();"], [/* 58 vars */]) = 0 | |
brk(0) = 0x1013000 | |
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f231cb05000 | |
open("/home/d/workspace/preeny/x86_64-redhat-linux/desock_dup.so", O_RDONLY|O_CLOEXEC) = 3 | |
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@\16\0\0\0\0\0\0"..., 832) = 832 | |
fstat(3, {st_mode=S_IFREG|0775, st_size=13669, ...}) = 0 | |
mmap(NULL, 2105536, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f231c902000 | |
mprotect(0x7f231c904000, 2093056, PROT_NONE) = 0 | |
mmap(0x7f231cb03000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1000) = 0x7f231cb03000 | |
close(3) = 0 |
execve("/usr/bin/psql", ["psql", "host=localhost port=5432 dbname="..., "-c", "select now();"], [/* 83 vars */]) = 0 | |
brk(0) = 0x1753000 | |
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f291ce4c000 | |
open("/home/d/workspace/preeny/x86_64-redhat-linux/desock.so", O_RDONLY|O_CLOEXEC) = 3 | |
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`\24\0\0\0\0\0\0"..., 832) = 832 | |
fstat(3, {st_mode=S_IFREG|0775, st_size=18730, ...}) = 0 | |
mmap(NULL, 2241008, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f291cc28000 | |
mprotect(0x7f291cc2b000, 2093056, PROT_NONE) = 0 | |
mmap(0x7f291ce2a000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f291ce2a000 | |
mmap(0x7f291ce2c000, 127472, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f291ce2c000 |