Fuzzing Python Modules
Dmitry Alimov
2018
Fuzzing/fuzz testing
Automated software testing technique that involves providing invalid, unexpected,
or random data as inputs to a program [1]
AFL (American fuzzy lop)
American fuzzy lop – security-oriented fuzzer that employs a novel type of
compile-time instrumentation and genetic algorithms [2]
AFL found vulnerabilities and other bugs in:
tcpdump, ffmpeg, VLC, OpenCV, MySQL, SQLite, PuTTY, wireshark, radare2,
tmux, X.Org Server, PHP, OpenSSL, pngcrush, bash, Firefox, BIND, Qt etc.
AFL (American fuzzy lop)
Install AFL and the Python wrapper [3] (apt on Debian/Ubuntu, Homebrew on macOS):
$ sudo apt install afl
$ brew install afl-fuzz
$ pip install python-afl
Simple test
import os
import sys

def main():
    data = sys.stdin.read()
    # The planted "bug": the fuzzer has to discover the two-byte input "12"
    if len(data) == 2 and data[0] == '1' and data[1] == '2':
        raise Exception('BUG!')
    os._exit(0)  # skip interpreter teardown so each run finishes quickly

if __name__ == '__main__':
    import afl
    afl.start()  # everything above runs once; AFL forks the process from here
    main()
AFL config and run
AFL refuses to start while core dumps are piped to an external handler, so as root write them to plain files:
# echo core > /proc/sys/kernel/core_pattern
It may also refuse to start because of CPU frequency scaling: either skip the check with AFL_SKIP_CPUFREQ=1 or set the governor to performance:
# echo performance | tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor
Then run the harness with a 500 MB memory limit (-m), a 2000 ms timeout (-t), seed inputs in in/ and results in out/:
$ py-afl-fuzz -m 500 -t 2000 -i in -o out -- python test.py
Simple test results
Crash found:
./out/crashes/id:000000,sig:10,src:000000,op:havoc,rep:2
$ cat id:000000,sig:10,src:000000,op:havoc,rep:2
12
Test compressed_rtf module
import os
import sys
from compressed_rtf import compress, decompress

def main():
    data = sys.stdin.read()
    # Round-trip property: decompressing the compressed input must give it back unchanged
    assert decompress(compress(data, compressed=True)) == data
    os._exit(0)

if __name__ == '__main__':
    import afl
    afl.start()
    main()
Other tools
- See PythonTestingToolsTaxonomy [5]
- Hypothesis [10]
- zzuf [11]
- your own fuzzer, written from scratch ("your own bicycle") [6]
Bug in marshal module
Artem Smotrakov found a bug in the marshal module with his own fuzzer [6, 8]; the reproducer serialises a valid value and then overwrites six bytes of the dump:
import marshal

value = ('this is a string', [1, 2, 3, 4], ('more tuples', 1.0, 2.3, 4.5),
         'this is yet another string')
dump = marshal.dumps(value)
data = bytearray(dump)
# Corrupt six bytes at fixed offsets of the otherwise valid dump
data[10] = 40
data[4] = 16
data[103] = 143
data[97] = 245
data[78] = 114
data[35] = 188
marshal.loads(bytes(data))
Bug in marshal module
The bug was reported to the CPython bug tracker [7].
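As an added example (not code from the slides or from Smotrakov's fuzzer), the "own bicycle" approach of the last slides packaged as a small seeded mutation fuzzer: it keeps a replayable recipe for every finding, separates clean rejections (ValueError, EOFError, TypeError) from unexpected exceptions, and rebuilds the slide's six-byte marshal edit from such a recipe. The value tuple and edit offsets are the slide's; parse_tlv, its seed input and the exception classification are constructed for this demo, and the seed input must be at least two bytes long.

```python
import marshal
import random

# Constructed data: the tuple the slide serialises and its six byte edits as a
# recipe of (offset, new_byte); an (n, None) step means "truncate to n bytes".
SEED_VALUE = ('this is a string', [1, 2, 3, 4],
              ('more tuples', 1.0, 2.3, 4.5), 'this is yet another string')
SLIDE_RECIPE = [(10, 40), (4, 16), (103, 143), (97, 245), (78, 114), (35, 188)]
EXPECTED = (ValueError, EOFError, TypeError)  # clean rejections of garbage input

def apply_recipe(data, recipe):
    """Replay a recipe; overwrites past the end (after a truncation) are skipped."""
    buf = bytearray(data)
    for offset, byte in recipe:
        if byte is None:
            del buf[offset:]
        elif offset < len(buf):
            buf[offset] = byte
    return bytes(buf)

def slide_reproducer():
    return apply_recipe(marshal.dumps(SEED_VALUE), SLIDE_RECIPE)

def classify(target, data):
    """'ok', 'expected' (clean rejection) or the exception class name (a finding)."""
    try:
        target(data)
    except EXPECTED:
        return 'expected'
    except Exception as exc:  # a SIGSEGV cannot be caught here; that is AFL's job
        return type(exc).__name__
    return 'ok'

def fuzz(target, seed_input, iterations=500, seed=0, max_ops=4):
    """Seeded mutation fuzzer ('your own bicycle'); each finding keeps its recipe."""
    rng = random.Random(seed)
    outcomes, findings = {}, []
    for _ in range(iterations):
        recipe = [(rng.randrange(1, len(seed_input)), None) if rng.random() < 0.3
                  else (rng.randrange(len(seed_input)), rng.randrange(256))
                  for _ in range(rng.randint(1, max_ops))]
        result = classify(target, apply_recipe(seed_input, recipe))
        outcomes[result] = outcomes.get(result, 0) + 1
        if result not in ('ok', 'expected'):
            findings.append((result, recipe))
    return outcomes, findings

def parse_tlv(data):
    """Constructed toy target: [tag][len][value]... records with one unchecked read."""
    records, i = [], 0
    while i < len(data):
        if data[i] not in (1, 2):
            raise ValueError('unknown tag')      # clean rejection
        length = data[i + 1]                     # BUG: the length byte may be missing
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError('truncated value')  # clean rejection
        records.append((data[i], bytes(value)))
        i += 2 + length
    return records
```

Running classify(marshal.loads, slide_reproducer()) shows whether the interpreter at hand rejects the corrupted blob cleanly; an in-process harness like this still needs py-afl-fuzz to record the kind of interpreter crash the slides describe.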
References
1. https://en.wikipedia.org/wiki/Fuzzing
2. http://lcamtuf.coredump.cx/afl/
3. https://alexgaynor.net/2015/apr/13/introduction-to-fuzzing-in-python-with-afl/
4. https://barro.github.io/2018/01/taking-a-look-at-python-afl/
5. https://wiki.python.org/moin/PythonTestingToolsTaxonomy
6. https://blog.gypsyengineer.com/en/security/python-marshal-module-fuzzing.html
7. https://bugs.python.org/issue27826
8. https://github.com/artem-smotrakov/python-marshal-fuzzer
9. http://tomviner.co.uk/tag/conferences.html
10. https://hypothesis.works/
11. http://caca.zoy.org/wiki/zzuf
12. https://fuzzing-project.org/