Fusil the fuzzer v1.2 released
Fusil the fuzzer is a Python library used to write fuzzing programs. It helps to start a process with a prepared environment (limit memory, environment variables, redirect stdout, etc.), start a network client or server, and create mangled files. Fusil has many probes to detect a program crash: watch the process exit code, watch process stdout and syslog for text patterns (e.g. "segmentation fault"), watch session duration, watch CPU usage (process and system load), etc.
User visible changes:
- Fusil now requires Python 2.5
- Documentation: write an index (index.rst) and a user guide (usage.rst)
- Replay script: copy HOME environment for GDB and catch setuid() error
- fusil-firefox: support more file formats (bmp, gif, ico, png, svg), create --test command line option, write the HTML page into index.html file
- fusil-python: write errors to stderr (instead of stdout) to avoid unicode error (especially with Python3)
- FileWatch: rename the session with "long_output" if the program wrote more than max_nbline lines
- fusil-python: blacklist posix.fork() to avoid false positive
- If the process is killed by a signal, rename the session using the signal name (already worked if the debugger was disabled)
Developer changes:
- MangleAgent supports multiple input files
- Create DummyMangle: an agent with the MangleFile API that doesn't touch file content, used to test the fuzzer
- Network: close() methods of NetworkClient and ServerClient use shutdown(SHUT_RDWR)
- NetworkServer uses a backlog of 5 clients for socket.listen() (instead of 1)
Bugfixes:
- Fix Directory.rmtree() and replay script for Python 3.0
- Fix ServerClient.sendBytes(): use socket.send() result to get the next data offset
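The ServerClient.sendBytes() fix above concerns short writes: socket.send() may accept fewer bytes than it was given, and a sender that ignores the result delivers a truncated test case, so the target receives different bytes from the ones the fuzzer intended to send. The following is an added example, not Fusil's code. ShortWriteSocket, both send functions and the payload are constructed for illustration, and the buggy loop is a hypothetical instance of this class of defect.

```python
class ShortWriteSocket:
    """Constructed stand-in for a TCP socket whose send() accepts at most
    `limit` bytes per call, as a real socket may under buffer pressure."""

    def __init__(self, limit):
        self.limit = limit
        self.received = b""   # what the peer would actually get

    def send(self, data):
        accepted = data[:self.limit]
        self.received += accepted
        return len(accepted)


def send_ignoring_result(sock, data, chunk_size=8):
    """Hypothetical buggy loop: advances by the size it asked to send."""
    offset = 0
    while offset < len(data):
        chunk = data[offset:offset + chunk_size]
        sock.send(chunk)          # return value discarded
        offset += len(chunk)      # assumes the whole chunk went out
    return offset


def send_using_result(sock, data, chunk_size=8):
    """Advance by what send() reports, so unsent bytes are retried."""
    offset = 0
    while offset < len(data):
        sent = sock.send(data[offset:offset + chunk_size])
        if sent == 0:
            raise ConnectionError("peer closed the connection mid-send")
        offset += sent
    return offset


def demo(payload=b"GET /fuzzed-path HTTP/1.0\r\n\r\n", limit=5):
    """Return (bytes delivered by the buggy loop, bytes delivered by the fix)."""
    buggy, fixed = ShortWriteSocket(limit), ShortWriteSocket(limit)
    send_ignoring_result(buggy, payload)
    send_using_result(fixed, payload)
    return buggy.received, fixed.received


if __name__ == "__main__":
    buggy, fixed = demo()
    print("buggy:", buggy)
    print("fixed:", fixed)
```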