Changes


Security/Fuzzing/Peach

3,518 bytes added, 19:03, 27 May 2010
include the code for the httpserver.py publisher
fuzzer.
The following file, httpserver.py, is our custom publisher. This just
takes one Peach-generated WOFF file at a time and waits for a request for
a WOFF file before grabbing another from Peach.
 
<pre>
'''
Simple HTTP server publisher for the Peach fuzzing framework.
 
@author: Justin Samuel <js@justinsamuel.com>
@see: https://wiki.mozilla.org/Security/Fuzzing/Peach
@see: http://peachfuzzer.com/CustomPublisher
'''
 
import BaseHTTPServer
import Queue
import sys
 
from Peach.publisher import Publisher
 
 
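# The address and port that the webserver we run listens on. Binding to
# 'localhost' keeps the fuzzing server unreachable from other machines.
SERVER_ADDRESS = 'localhost'
SERVER_PORT = 8111

# A copy of each fuzzed file handed to the browser is stored in this file.
# Thus, if Firefox crashes after requesting the file and no further fuzzed
# files are requested, this will be the file that caused the crash. Note that
# if this is not saved for some reason, it can be regenerated by knowing which
# test number Peach was on when the crash happened. A new round of testing can
# be resumed at that number as long as the xml file passed to peach is the same
# in addition to any files referenced by that xml file being the same (i.e.
# the original file that is being modified to create each fuzz file).
# NOTE(review): this is a fixed, predictable name in /tmp, which is writable
# by every local user on a shared machine. Run the fuzzer on a dedicated host
# or point this at a directory only the fuzzing user can write to.
SAVE_LAST_FUZZ_FILENAME = "/tmp/last_fuzzfont.woff"

# The static index file to serve when requests for '/' are received. It is
# read once, when this module is imported, so edits to the file need a
# restart. The handle is closed explicitly instead of being left to the
# garbage collector.
_index_fp = open('/tmp/webroot/index.html')
try:
    INDEX_FILE_DATA = _index_fp.read()
finally:
    _index_fp.close()
del _index_fp

# The running server instance; assigned by HttpServerPublisher.__init__.
http_server = None

# Carries fuzzer-generated data from HttpServerPublisher.send() to the
# request handler that serves it.
fuzzq = Queue.Queue()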
 
 
class FuzzHttpServer(BaseHTTPServer.HTTPServer):
allow_reuse_address = True
 
 
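class FuzzRequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):
    '''
    Serves the static index page and the Peach-generated fuzz files.

    '/' returns INDEX_FILE_DATA, any path starting with '/fuzzfont.woff'
    returns the next item from fuzzq, and everything else gets a 404.
    '''

    def do_GET(self):
        '''Dispatch a GET request based on the requested path.'''
        # Use self.path to respond differently based on the requested path.
        # Use self.server to get the server object.
        if self.path == "/":
            self._serveData(INDEX_FILE_DATA)
        elif self.path.startswith("/fuzzfont.woff"):
            # Prefix match: anything appended to the path (for example a
            # query string) still reaches the fuzz file.
            self._fuzzFont()
        else:
            self.send_error(404)

    def _serveData(self, data):
        '''Send data to the client as a 200 text/html response.'''
        self.send_response(200)
        self.send_header("Content-Length", len(data))
        self.send_header("Content-Type", "text/html")
        self.end_headers()
        self.wfile.write(data)

    def _fuzzFont(self):
        '''
        Serve the next fuzzed file from fuzzq and keep a copy on disk.

        fuzzq.get() blocks until the publisher has queued data.
        '''
        fuzzdata = fuzzq.get()
        # Save the copy before touching the socket. If the browser crashes
        # or disconnects while the response is being written, the write
        # raises and a save placed after it would never run, losing exactly
        # the file that needs to be kept.
        fp = open(SAVE_LAST_FUZZ_FILENAME, 'wb')
        try:
            fp.write(fuzzdata)
        finally:
            fp.close()
        self.send_response(200)
        self.send_header("Content-Length", len(fuzzdata))
        self.send_header("Content-Type", "text/plain")
        # Access control header useful if serving some of the other files
        # from apache, for example, and thus from a different port.
        # The wildcard lets any origin read the response, so keep the server
        # bound to localhost.
        self.send_header("Access-Control-Allow-Origin", "*")
        self.end_headers()
        self.wfile.write(fuzzdata)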
 
 
class HttpServerPublisher(Publisher):
    '''
    Peach publisher that passes each fuzzed payload to the local HTTP server.

    Each round of generation will result in the following calls:
        start
        connect
        send
        close
        stop
    '''

    def __init__(self):
        '''Create the HTTP server and store it in the module-level global.'''
        global http_server
        endpoint = (SERVER_ADDRESS, SERVER_PORT)
        print "Starting server listening at %s:%s" % endpoint
        sys.stdout.flush()
        http_server = FuzzHttpServer(endpoint, FuzzRequestHandler)
        # Defining withNode prevents some peach error.
        self.withNode = False

    def start(self):
        '''No-op; the server is already created in __init__.'''

    def connect(self):
        '''No-op; nothing to connect to.'''

    def send(self, data):
        '''Peach calls this to provide us the fuzzer-generated data.'''
        fuzzq.put(data)
        print "waiting for next request"
        sys.stdout.flush()
        # handle_request() returns after serving a single request of any
        # kind. NOTE(review): a request for '/' or an unknown path therefore
        # ends this call without consuming the queued data, which looks like
        # it lets served files lag behind Peach's test number -- confirm.
        http_server.handle_request()

    def close(self):
        '''No-op.'''

    def stop(self):
        '''No-op; the HTTP server is left as it is.'''

    def property(self, property, value=None):
        '''No-op; this publisher has no properties to get or set.'''
</pre>
To install this custom publisher, place the file in the Peach/Publishers/