Skip to content

Releases: jtpereyda/boofuzz

v0.4.2 -- Cleanup, maintenance and fixes

06 Oct 23:34
8e2aac7
Compare
Choose a tag to compare

Features

  • Remove six compatibility module.
  • Remove Python 2 compatibility code.
  • Remove specifying object inheritance in classes.
  • Added Web UI listening on specific IP address.
  • Added Python 3.11 compatibility.

Fixes

  • Specified encoding on file write rather than assuming default encoding.
  • Changed type of default_value from string to bytes for FromFile.
  • s_update primitive was out of date.
  • The minimum supported Python version is now 3.8.
  • Removed duplicates from BitField primitive.
  • Fixed unwanted deprecation warning when using Session.fuzz(name=name).
  • Changed type of dep_value argument of Block to bytes and added type checks.
  • Split sessions.py into multiple files.
  • Using poetry as package build system.

v0.4.1 -- Custom log database location, NETCONF connection and fixes

30 Jan 21:35
dbe720a
Compare
Choose a tag to compare

Features

  • Added support for fuzzing NETCONF servers with the NETCONFConnection class.
  • Add support and tests for Python 3.10.
  • Added Session arg db_filename to modify the location of the log database.

Fixes

  • Fixed check for when to enable the web app.
  • Documented the possibility to disable the web app.
  • Correctly initialize all children of a request which inherits from FuzzableBlock.
  • Added type checking for arguments of Bytes primitive to prevent incorrect use.
  • Fixed TypeError in s_binary initialization.
  • Remove redundant unicode strings.

v0.4.0 -- Combinatorial fuzzing and fuzzing CLI

30 Jun 20:40
Compare
Choose a tag to compare

Features

  • Fuzzing CLI -- Use main_helper() to use boofuzz's generic fuzzing CLI with your script.
  • Combinatorial fuzzing -- now fuzzes multiple mutations at once by default.
  • Test cases can now be specified and re-run by name.
  • Implemented visual request-graph rendering functions for Session.
  • Added to web UIL: runtime, exec speed, current test case name.
  • Added simple custom checksum and example usage.
  • Added Simple primitive that uses only the specified values for fuzzing.
  • Added Float primitive with support for IEEE 754 encoding.
  • Added an example for s_float/Float usage.

Fixes

  • Clarified documentation of custom checksum function for Checksum primitive.
  • String and RandomData primitives now use a local and independent instance of random.
  • The minimum supported Python version is now 3.6.
  • Fixed two memory leaks in the fuzz logger.

v0.3.0 -- Huge memory optimization

28 Feb 14:13
a23b3dd
Compare
Choose a tag to compare

This release brings some huge memory optimizations as we are now using iterators to generate the test case data. Boofuzz will no longer munch Gigabytes of RAM when fuzzing with large protocol definitions!
Also check out the new object orientated method for defining protocols here.

Features

  • Memory optimization: Efficient mutation generation and smarter string reuse -- decrease memory consumption by orders of magnitude.
  • Aligned block: Aligns content length to multiple of certain number of bytes.
  • Relative names: Name references for Checksum, Size, etc. now resolve absolute and relative names. Block and primitive
    names no longer need to be globally unique within a message, they only need to be locally unique within a block.
  • Passing data between messages: Callbacks now have a TestCaseContext object to which one can save data to be used
    later in the test case. TestCaseSessionReference can be passed as a default value in a protocol definition. The name
    it references must have been saved by the time that message in the protocol is reached.
  • Fuzzable rewrite: Simpler definitions for new fuzz primitives. See static.py for an example of a very simple primitive.
  • Protocol definition: Protocols can now be defined with an object oriented rather than static approach.
  • Independent mutation and encoding steps: Will enable multiple mutations and code coverage feedback.
  • Procmon: Additional debug steps. Partial backwards compatibility for old interface.
  • ProcessMonitorLocal allows running procmon as part of fuzzer process.
  • Network monitor: improved network interface discovery (Linux support).
  • Added support for fuzzing Unix sockets with the UnixSocketConnection class.
  • Added metadata to ProtocolSession to support callbacks -- current_message, previous_message.
  • All primitive arguments are now optional keyword arguments.

Fixes

  • Various web interface fixes.
  • Various refactors and simplifications.
  • Fewer duplicates from Group primitives.
  • Network monitor: fixed data_bytes calculation and PcapThread synchronization.
  • Fixed a crash when using the network monitor.
  • Session can now be "quiet" by passing an empty list of loggers.
  • Process Monitor: fixed Thread.isAlive for Python 3.9 compatibility.
  • Correctly truncate values of the string primitive when max_len or size is set.
  • The string primitive will no longer generate duplicates when max_len or size is set.
  • Greatly improved string to bytes conversion speed.

v0.2.1 -- TFTP Example and Fixes

19 Oct 22:20
2d6c768
Compare
Choose a tag to compare

Features

  • Added simple TFTP fuzzer example.

Fixes

  • Fixed UDPSocketConnection data truncation when sending more data than the socket supports.
  • Fixed execution of procmon stop_commands.
  • Fixed TCP and SSL server connections.

v0.2.0 -- Monitor and Connection Interface Rework & Fixes

03 Jun 23:40
0c03ee0
Compare
Choose a tag to compare

v0.2.0

Features

  • Rewrote and split the SocketConnection class into individual classes per socket type.
  • SocketConnection is now deprecated. Use the classes derived from BaseSocketConnection instead.
  • Added support for receiving on raw Layer 2 and Layer 3 connections.
  • Layer 2 and Layer 3 connections may now use arbitrary payload / MTU sizes.
  • Moved connection related modules into new connections submodule.
  • Added the ability to repeat sending of packages within a given time or count.
  • Added optional timeout and threshold to quit infinite connection retries.
  • Reworked Monitors, consolidated interface. Breaking change: session no longer has netmon_options and procmon_options.
  • SessionInfo has had attributes renamed; procmon_results and netmon_results are deprecated and now aliases for monitor_results and monitor_data respectively.
  • New BoofuzzFailure exception type allows callback methods to signal a failure that should halt the current test case.
  • Added capture_output option to process monitor to capture target process stderr/stdout .
  • Added post-start-target callbacks (called every time a target is started or restarted).
  • Added method to gracefully stop PED-RPC Server.
  • Added new boofuzz logo and favicon to docs and webinterface.
  • Added FileConnection to dump messages to files.
  • Removed deprecated session arguments fuzz_data_logger, log_level, logfile, logfile_level and log().
  • Removed deprecated logger FuzzLoggerFile.
  • crc32c is no longer a required package. Install manually if needed.

Fixes

  • Fixed size of s_size block when output is ascii.
  • Fixed issue with tornado on Python 3.8 and Windows.
  • Fixed various potential type errors.
  • Renamed requests folder to request_definitions because it shadowed the name of the requests python module.
  • Examples are up to date with current Boofuzz version.
  • Modified timings on serial_connection unit tests to improve test reliability.
  • Refactored old unit-tests.
  • Fixed network monitor compatibility with Python 3.
  • Minor console GUI optimizations.
  • Fixed crash_threshold_element handling if blocks are used.
  • Fixed many bugs in which a failure would not stop the test case evaluation.

v0.1.6 -- Lots of Tweaks & Fixes

09 Dec 16:03
46d9de1
Compare
Choose a tag to compare

v0.1.6

Features

  • New primitive s_bytes which fuzzes an arbitrary length binary value (similiar to s_string).
  • We are now using Black for code style standardization.
  • Compatibility for Python 3.8
  • Added crc32c as checksum algorithm (Castagnoli).
  • Added favicon for web interface.
  • Pushed Tornado to 5.x and unpinned Flask.

Fixes

  • Test cases were not being properly closed when using the check_message() functionality.
  • Some code style changes to meet PEP8.
  • s_group primitive was not accepting empty default value.
  • Timeout during opening TCP connection now raises BoofuzzTargetConnectionFailedError exception.
  • SSL/TLS works again. See examples/fuzz-ssl-server.py and examples/fuzz-ssl-client.py.
  • Dropped six.binary_type in favor of b"" format.
  • Fixed process monitor handling of backslashes in Windows start commands.
  • Fixed and documented boo open.
  • Fixed receive function in fuzz_logger_curses.
  • Installing boofuzz with sudo is no longer recommended, use the --user option of pip instead.
  • Fixed setting socket timeout options on Windows.
  • If all sockets are exhausted, repeatedly try fuzzing for 4 minutes before failing.
  • Fixed CSV logger send and receive data decoding.
  • Handle SSL-related exception. Added ignore_connection_ssl_errors session attribute that can
    be set to True to ignore SSL-related error on a test case.
  • Fixed s_from_file decoding in Python 2 (the encoding parameter is now depreciated).
  • Updated documentation of s_checksum. It is possible to use a custom algorithm with this block.

v0.1.5 -- Text UI, Python 3 Compatibility, and Mechanical Tweaks

26 May 05:53
583c8b2
Compare
Choose a tag to compare

v0.1.5

Features

  • New curses logger class to provide a console gui similar to the webinterface. Use the session option console_gui to enable it.
    This has not been tested under Windows!
  • Compatibility for Python 3
  • Large test cases are now truncated, unless a failure is detected.
  • When a target fails to respond after restart, boofuzz will now continue to restart instead of crashing.
  • New Session option keep_web_open to allow analyzing the test results after test completion.
  • Process monitor creates new crash file for each run by default.
  • Long lines now wrap in web view; longer lines no longer need to be truncated.
  • Process monitor now stores crash bins in JSON format instead of pickled format.
  • Process monitor in Windows will use taskkill -F if taskkill fails.

Fixes

  • Web server no longer crashes when asked for a non-existing test case.
  • EINPROGRESS socket error is now handled while opening a socket (note: this sometimes-transient error motivated the move to retry upon connection failure)

v0.1.4 -- Save Your Hard Drive

12 Mar 14:53
b8356ee
Compare
Choose a tag to compare

v0.1.4

Features

  • New Session options restart_callbacks, pre_send_callbacks, and post_test_case_callbacks to hand over custom callback functions.
  • New Session option fuzz_db_keep_only_n_pass_cases. This allowes saving only n test cases preceding a failure or error to the database.
  • Added logic to find next available port for web interface or disable the web interface.
  • Removed sleep logs when sleep time is zero.

Fixes

  • Windows process monitor now handles combination of proc_name and/or start_commands more reasonably
  • Windows process monitor handles certain errors more gracefully
  • Fixed target close behavior so post send callbacks can use the target.
  • Fixed a dependency issue in installation.

v0.1.3 Client Fuzzing

18 Feb 20:33
a1c1e5d
Compare
Choose a tag to compare

v0.1.3

Features

  • Socket Connections now allow client fuzzing.
  • Log only the data actually sent, when sending is truncated. Helps reduce database size, especially when fuzzing layer 2 or 3.
  • Target recv function now accepts a max_recv_bytes argument.

Fixes

  • Fixed install package -- now includes JavaScript files.