61 lines
2.6 KiB
Plaintext
The fwknop project supports various fuzzing strategies, and one of the most
important is usage of the 'American Fuzzy Lop' (AFL) fuzzer written by Michal
Zalewski (see: https://code.google.com/p/american-fuzzy-lop/). Because AFL is
not designed to handle encryption schemes (see the README included in the AFL
sources for more information on this), a special --enable-afl-fuzzing command
line switch is available to the fwknop autoconf configure script. This argument
allows encryption and base64 encoding to be bypassed when feeding SPA packet
data to fwknopd via stdin. This is the feature that enables AFL fuzzing.

This directory contains enabling scripts in order to make it easy to fuzz
fwknop with AFL. It is assumed that AFL is installed and in your path. The
files in this directory are organized as follows:

afl-compile.sh  - Script to compile fwknop underneath afl-gcc.
afl-fuzzing.in  - AFL input directory containing the initial test case(s).
afl-fuzzing.out - AFL output directory for the results of a fuzzing run.
afl-run.sh      - Script to invoke AFL with proper command line arguments to
                  fwknopd for fuzzing enablement.

For gcov code coverage only:

afl-compile-code-coverage.sh - Compile fwknop with code coverage support.
afl-gen-code-coverage.sh     - Generate code coverage report after running
                               afl-run.sh (and with coverage support
                               compiled in)

Here is an example of what fwknopd produces when compiled for AFL support when
a dummy SPA packet is provided in non-encoded/non-encrypted form via fwknopd's
stdin:

$ ./fwknopd-stdin-test.sh
+ SPA_PKT=1716411011200157:root:1397329899:2.0.1:1:127.0.0.2,tcp/22:AAAAA
+ LD_LIBRARY_PATH=../../lib/.libs ../../server/.libs/fwknopd -c ../conf/default_fwknopd.conf -a ../conf/default_access.conf -A -f -t
+ echo -n 1716411011200157:root:1397329899:2.0.1:1:127.0.0.2,tcp/22:AAAAA
Warning: REQUIRE_SOURCE_ADDRESS not enabled for access stanza source: 'ANY'
SPA Field Values:
=================
     Random Value: 1716411011200157
         Username: root
        Timestamp: 1397329899
      FKO Version: 2.0.1
     Message Type: 1 (Access msg)
   Message String: 127.0.0.2,tcp/22
       Nat Access: <NULL>
      Server Auth: <NULL>
   Client Timeout: 0
      Digest Type: 3 (SHA256)
        HMAC Type: 0 (None)
  Encryption Type: 1 (Rijndael)
  Encryption Mode: 2 (CBC)
     Encoded Data: 1716411011200157:root:1397329899:2.0.1:1:127.0.0.2,tcp/22
  SPA Data Digest: AAAAA
             HMAC: <NULL>
   Final SPA Data: 200157:root:1397329899:2.0.1:1:127.0.0.2,tcp/22:AAAAA

SPA packet decode: Success
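The dump above shows the plaintext layout that --enable-afl-fuzzing lets fwknopd
read straight from stdin: seven colon-separated fields (random value, username,
timestamp, FKO version, message type, message string, digest), where "Encoded
Data" is everything except the digest. The following Python is an added example
written for this README; it is not part of the fwknop project. It parses and
validates a packet in that form, rebuilds the Encoded Data string, and writes
seed files in the shape afl-fuzzing.in expects (no trailing newline, as with the
`echo -n` above). Assumptions not stated on this page and marked in the code: the
random value is 16 decimal digits as in the example, the protocol is tcp or udp,
and only message type 1 ("Access msg") has a known name here; the helper names
are hypothetical.

```python
"""Handle fwknop SPA packets in the plaintext form that fwknopd reads from
stdin when built with --enable-afl-fuzzing (no encryption, no base64).

Added example; not code from the fwknop project. The seven-field layout and
the "Encoded Data" relation come from the fwknopd dump in this README.
"""
import ipaddress
import os
import re
import tempfile

# Constructed seed: the same dummy packet the README feeds to fwknopd.
DUMMY_SPA_PKT = "1716411011200157:root:1397329899:2.0.1:1:127.0.0.2,tcp/22:AAAAA"

# Field order as printed under "SPA Field Values".
FIELD_NAMES = ("random_value", "username", "timestamp", "fko_version",
               "message_type", "message_string", "digest")

# Only code 1 is documented on this page; other codes are reported as unknown.
MESSAGE_TYPE_NAMES = {1: "Access msg"}


def parse_access_message(msg):
    """Split '<ip>,<proto>/<port>' and validate each part.

    Assumption: proto is tcp or udp and port is 1-65535 (the page only
    shows 'tcp/22')."""
    m = re.fullmatch(r"([^,]+),([a-z]+)/(\d+)", msg)
    if not m:
        raise ValueError(f"bad access message: {msg!r}")
    ip = str(ipaddress.ip_address(m.group(1)))  # raises on a malformed address
    proto, port = m.group(2), int(m.group(3))
    if proto not in ("tcp", "udp"):
        raise ValueError(f"unsupported protocol: {proto}")
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return ip, proto, port


def parse_spa_fields(pkt):
    """Split a plaintext SPA packet into its seven fields, checking each one
    the way a decoder must before it trusts the values.

    Assumption: the random value is 16 decimal digits, as in the example."""
    parts = pkt.split(":")
    if len(parts) != len(FIELD_NAMES):
        raise ValueError(f"expected {len(FIELD_NAMES)} fields, got {len(parts)}")
    f = dict(zip(FIELD_NAMES, parts))
    if not re.fullmatch(r"\d{16}", f["random_value"]):
        raise ValueError("random value must be 16 decimal digits")
    if not f["username"]:
        raise ValueError("empty username")
    if not re.fullmatch(r"\d+", f["timestamp"]):
        raise ValueError("timestamp must be an integer")
    f["timestamp"] = int(f["timestamp"])
    if not re.fullmatch(r"\d+\.\d+\.\d+", f["fko_version"]):
        raise ValueError("version must look like 2.0.1")
    if not re.fullmatch(r"\d+", f["message_type"]):
        raise ValueError("message type must be an integer")
    f["message_type"] = int(f["message_type"])
    f["message_type_name"] = MESSAGE_TYPE_NAMES.get(f["message_type"], "unknown")
    if f["message_type"] == 1:
        f["ip"], f["proto"], f["port"] = parse_access_message(f["message_string"])
    if not re.fullmatch(r"[A-Za-z0-9+/=]+", f["digest"]):
        raise ValueError("digest must be base64 text")
    return f


def encoded_data(f):
    """Rebuild the 'Encoded Data' string: every field except the digest."""
    return ":".join(str(f[name]) for name in FIELD_NAMES[:-1])


def build_spa_packet(random_value, username, timestamp, version, msg_type,
                     message, digest):
    """Assemble a plaintext packet and re-parse it so bad input is rejected."""
    pkt = ":".join([random_value, username, str(timestamp), version,
                    str(msg_type), message, digest])
    parse_spa_fields(pkt)
    return pkt


def write_seed(name, pkt, seed_dir=None):
    """Write one AFL seed file with no trailing newline (like `echo -n`).
    seed_dir defaults to a fresh temporary directory; pass 'afl-fuzzing.in'
    to populate the README's input directory."""
    seed_dir = seed_dir or tempfile.mkdtemp(prefix="afl-seeds-")
    os.makedirs(seed_dir, exist_ok=True)
    path = os.path.join(seed_dir, name)
    with open(path, "w") as fh:
        fh.write(pkt)
    return path


def read_seed(path):
    with open(path) as fh:
        return fh.read()


if __name__ == "__main__":
    fields = parse_spa_fields(DUMMY_SPA_PKT)
    for k, v in fields.items():
        print(f"{k:18}: {v}")
    print("Encoded Data      :", encoded_data(fields))
    print("seed written to   :", write_seed("dummy-access", DUMMY_SPA_PKT))
```

Running the script parses the README's dummy packet and writes it as a seed
into a temporary directory; pass seed_dir="afl-fuzzing.in" to write_seed to
drop seeds where afl-run.sh picks them up. Varying one field at a time through
build_spa_packet is a simple way to grow the initial corpus with inputs that
the decoder still accepts.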