Target

The Target class defines the interface for Sulley targets, and doubles as a Socket implementation of the Target interface.

Target Interface

Sulley uses the Target interface to send and receive data. The Target implementation(s) should handle logging. This enables consistent send/receive logging within and between tests.

Target Class

The Target class is also the Socket Target implementation, which the user’s Sulley scripts use to define the target under test.

The user passes host, port, etc. to Target, which passes them to its aggregate connection object.

Future

Having the interface and a specific implementation in one doesn’t match up with our current design strategy, and is a historical holdover. Furthermore, the socket arguments and argument docstrings are duplicated in Target; Target receives them and passes them to its aggregate class. One redesign plan is:

• Remove SerialTarget; have Target take an ITargetConnection in its constructor.

• This brings us down to a single Target class which doesn’t reproduce its connection’s implementation details (like constructor arguments).

• The user would now create a Target Connection instead of a Target.

Target Source Code

class boofuzz.Target(connection, monitors: list[BaseMonitor, Client] | BaseMonitor | Client | None = None, monitor_alive: Callable = None, max_recv_bytes=10000, repeater=None, procmon=None, procmon_options=None, **kwargs)

Bases: object

Target descriptor container.

Takes an ITargetConnection and wraps send/recv with appropriate FuzzDataLogger calls.

Encapsulates pedrpc connection logic.

Contains a logger which is configured by Session.add_target().

Example:

tcp_target = Target(SocketConnection(host='127.0.0.1', port=17971))

Parameters:

• connection (ITargetConnection) – Connection to system under test.

• monitors (list[BaseMonitor, pedrpc.Client]|BaseMonitor|pedrpc.Client) – List of Monitors for this Target.

• monitor_alive (Callable) – List of Functions that are called when a Monitor is alive. It is passed the monitor instance that became alive. Use it to e.g. set options on restart. The methods passed here should accept the following arguments: - monitor (self): The monitor that became alive. - fuzz_data_logger: The fuzz data logger. - parent_session: The parent session. Otherwise, use *args and **kwargs to accept any arguments.

• max_recv_bytes (int) – Maximum number of bytes to receive. Default 10000.

• repeater (repeater.Repeater) – Repeater to use for sending. Default None.

• procmon (BaseMonitor) – Deprecated interface for adding a process monitor.

• procmon_options (dict) – Deprecated interface for adding a process monitor.

Changed in version 0.4.2: This class has been moved into the sessions subpackage. The full path is now boofuzz.sessions.target.Target.

close()

Close connection to the target.

Returns:

None

get_connection() → ITargetConnection

Get the connection object.

Returns:

Connection object.

get_fuzz_data_logger()

Get this object’s fuzz data logger – for sent and received fuzz data.

Returns:

IFuzzLogger

monitors_alive()

Wait for the monitors to become alive / establish connection to the RPC server. This method is called on every restart of the target and when it’s added to a session. After successful probing, a callback is called, passing the monitor.

Returns:

None

property netmon_options

open()

Opens connection to the target. Make sure to call close!

Returns:

None

pedrpc_connect()

property procmon_options

recv(max_bytes=None)

Receive up to max_bytes data from the target.

Parameters:

max_bytes (int) – Maximum number of bytes to receive.

Returns:

Received data.

send(data)

Send data to the target. Only valid after calling open!

Parameters:

data – Data to send.

Returns:

None

set_fuzz_data_logger(fuzz_data_logger)

Set this object’s fuzz data logger – for sent and received fuzz data.

Parameters:

fuzz_data_logger (ifuzz_logger.IFuzzLogger) – New logger.

Returns:

None

Repeater

class boofuzz.repeater.Repeater(sleep_time)

Bases: object

Base Repeater class.

Parameters:

sleep_time (float) – Time to sleep between repetitions.

abstract log_message()

Formats a message to output in a log file. It should contain info about your repetition.

abstract repeat()

Decides whether the operation should repeat.

Returns:

True if the operation should repeat, False otherwise.

Return type:

Bool

abstract reset()

Resets the internal state of the repeater.

abstract start()

Starts the repeater.

The following concrete implementations of this interface are available:

TimeRepeater

class boofuzz.repeater.TimeRepeater(duration, sleep_time=0)

Bases: Repeater

Time-based repeater class. Starts a timer, and repeats until duration seconds have passed.

Raises:

ValueError – Raised if a time <= 0 is specified.

Parameters:

• duration (float) – The duration of the repitition.

• sleep_time (float) – Time to sleep between repetitions.

log_message()

Formats a message to output in a log file. It should contain info about your repetition.

repeat()

Decides whether the operation should repeat.

Returns:

True if the operation should repeat, False otherwise.

Return type:

Bool

reset()

Resets the timer.

start()

Starts the timer.

CountRepeater

class boofuzz.repeater.CountRepeater(count, sleep_time=0)

Bases: Repeater

Count-Based repeater class. Repeats a fixed number of times.

Raises:

ValueError – Raised if a count < 1 is specified.

Parameters:

• count (int) – Total amount of packets to be sent. Important: Do not confuse this parameter with the amount of repetitions. Specifying 1 would send exactly one packet.

• sleep_time (float) – Time to sleep between repetitions.

log_message()

Formats a message to output in a log file. It should contain info about your repetition.

repeat()

Decides whether the operation should repeat.

Returns:

True if the operation should repeat, False otherwise.

Return type:

Bool

reset()

Resets the internal state of the repeater.

start()

Starts the repeater.