A CTF fuzzer powered by protobuf.

protobuf_ctf_fuzz

1. Introduction

Traditional CTF fuzzing done with protobuf + AFLplusplus.

Please refer to this blog post for the details.

2. Build and run

Building is simple, a single command is enough:

Your network connection absolutely, absolutely, absolutely must be good!!!

Otherwise, paste the commands from ./build.sh one by one and make sure each of them succeeds (laughs)

sudo ./build.sh

Once built, put your custom protobuf definition into kp_src/out.proto, modify the corresponding kp_src/mutate.cc and kp_src/dump.cc, and finally run the following script to update the modified parts:

source ./pre_run.sh

Every time you change code under the kp_src/ folder, or open a new terminal to run the fuzzer, you need to source ./pre_run.sh again.

After that, prepare your own workdir and fuzz_input, then run the following command to start fuzzing:

For corpus preparation, you could modify kp_src/dumper.cc and generate seeds with afl-libprotobuf-mutator/dumper.

# The working directory at this point is protobuf_ctf_fuzz/
AFLplusplus/afl-fuzz -i workdir/fuzz_input -o workdir/fuzz_output -Q -- <CTF_path>

3. Example

The babyheap file in the repository root is the CTF challenge used as the example; its protobuf description and the corresponding dumper and mutate code are already provided in kp_src.

4. Possible improvements

  1. libprotobuf-mutator's mutations are mediocre; it is best to improve them by hand
  2. Trim logic needs to be implemented to prevent test case explosion
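As an added example of the trim logic item 2 asks for (not code from protobuf_ctf_fuzz), the following plain C++ trims a structured heap testcase op by op: HeapOp/Program are an assumed stand-in for the out.proto message, the menu format in dump() is assumed for the babyheap target, and the oracle is a constructed stand-in for the verdict AFL++ hands back through afl_custom_post_trim when a custom mutator implements afl_custom_init_trim/afl_custom_trim.

```cpp
// Added example, not code from protobuf_ctf_fuzz: op-level trimming of a
// structured heap testcase. HeapOp/Program stand in for the out.proto
// message (assumed layout); the menu format in dump() is assumed too.
#include <cstdint>
#include <sstream>
#include <string>
#include <vector>
enum class Kind { Alloc, Edit, Free, Show };
struct HeapOp { Kind kind; uint32_t idx; std::string data; };  // idx: chunk slot
struct Program { std::vector<HeapOp> ops; };
// Stand-in for the fuzzer's verdict (AFL++: afl_custom_post_trim's success flag).
using Oracle = bool (*)(const Program&);

// Greedy trim: drop one op at a time and keep the drop while the oracle still
// accepts the result. Real trim hooks go coarse-to-fine to save executions.
Program trim(Program p, Oracle still_interesting) {
    for (size_t i = 0; i < p.ops.size();) {
        Program cand = p;
        cand.ops.erase(cand.ops.begin() + static_cast<long>(i));
        if (still_interesting(cand)) p = cand;  // shorter and still good: retry i
        else ++i;
    }
    return p;
}

// Dump step: structured program -> stdin bytes for a menu-driven binary
// (assumed menu: 1 alloc, 2 edit, 3 free, 4 show, 5 exit).
std::string dump(const Program& p) {
    std::ostringstream s;
    for (const HeapOp& op : p.ops) {
        switch (op.kind) {
            case Kind::Alloc: s << "1\n" << op.idx << "\n" << op.data.size() << "\n" << op.data << "\n"; break;
            case Kind::Edit:  s << "2\n" << op.idx << "\n" << op.data << "\n"; break;
            case Kind::Free:  s << "3\n" << op.idx << "\n"; break;
            case Kind::Show:  s << "4\n" << op.idx << "\n"; break;
        }
    }
    s << "5\n";
    return s.str();
}

// Constructed oracle for the demo: the case stays "interesting" while slot 0
// is allocated and then freed twice (the double-free path we want to keep).
bool double_free_slot0(const Program& p) {
    bool allocated = false; int frees = 0;
    for (const HeapOp& op : p.ops) {
        if (op.kind == Kind::Alloc && op.idx == 0) allocated = true;
        if (op.kind == Kind::Free && op.idx == 0 && allocated) ++frees;
    }
    return frees >= 2;
}
```

In the real mutator the oracle is replaced by running dump()'s output through the target and letting AFL++ compare coverage, which is what keeps the trimmed case from losing the path that made it interesting.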
Comments
  • Problem converting raw input into protobuf messages

    In the LPM code, LoadProtoInput is used to convert raw input into a protobuf-format message. May I ask what type requirements there are for the raw input? I tried reading data from a file, saving it as a string and converting it into a protobuf message, but it failed.

    Or, author, do you have any way to debug protobuf? This has been bothering me for a while.. Many thanks
