Hey all, I’m working on fuzzing an Apple service and I needed PAIMEIPeek to track send() as well as recv()… since recv() function tracing is already in PAIMEIpeek.py adding support for send() was pretty damn simple.
Updated files:
paimei/console/modules/PAIMEIpeek.py
and
paimei/console/modules/_PAIMEIpeek/PeekOptionsDlg.py
The new options window:
I’ll continue fuzzing this project using a more advanced technique called “In Memory Fuzzing”.
Using functionality supported by pydbg I’ll be setting a pydbg.process_snapshot() on the recv hook and then a pydbg.virtual_alloc(). This will allow me to create space and import my munged XML into the process space using pydbg.write_process_memory(address, mungedxml).
Then, after the munged XML is in memory, I’ll change the context.esp+4 pointer to mungedxml… restore the hook… and use pydbg’s built-in memory/stack corruption detection to look for faults.
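The snapshot/write/redirect loop described above, as an added example that is not code from this post or from PaiMei itself. It goes one step past the post by adding a second breakpoint where the consuming routine hands control back, so the snapshot is restored and the next case replayed without waiting for another real message; pid, hook_addr, end_addr, the seed XML and the short fuzz-string list are all assumptions, the regex mutator stands in for Sulley strings, and the pydbg calls (Python 2-era API or a port) only run on Windows/x86.

```python
import re, struct

# Constructed seed message standing in for one captured at the recv() hook.
SEED_XML = b'<?xml version="1.0"?><req><user>alice</user><cmd>ping</cmd></req>'
# Shortened stand-in for the Sulley string library (hypothetical values).
FUZZ_STRINGS = [b"A" * 1024, b"%n" * 64, b"\x00" * 16, b"<" * 512]

def munge_cases(seed):
    """One mutated message per (text node, fuzz string); rest of the doc intact."""
    cases = []
    for m in re.finditer(br">([^<>]+)<", seed):
        for s in FUZZ_STRINGS:
            cases.append(seed[:m.start(1)] + s + seed[m.end(1):])
    return cases

def run_in_memory_fuzz(pid, hook_addr, end_addr, cases):
    """Assumes hook_addr is the entry of the routine that consumes the received
    buffer (buffer pointer = first stack arg, [esp+4]) and end_addr its exit."""
    from pydbg import pydbg
    from pydbg.defines import (DBG_CONTINUE, EXCEPTION_ACCESS_VIOLATION,
                               MEM_COMMIT, PAGE_READWRITE)
    st = {"buf": 0, "i": 0}
    def on_hook(dbg):
        if not st["buf"]:                  # first hit: freeze state, carve a scratch buffer
            dbg.process_snapshot()
            st["buf"] = dbg.virtual_alloc(None, max(map(len, cases)) + 1,
                                          MEM_COMMIT, PAGE_READWRITE)
        if st["i"] == len(cases):
            dbg.detach()
            return DBG_CONTINUE
        dbg.write_process_memory(st["buf"], cases[st["i"]] + b"\x00")
        # Point the callee's buffer argument at the munged message.
        dbg.write_process_memory(dbg.context.Esp + 4, struct.pack("<L", st["buf"]))
        st["i"] += 1
        return DBG_CONTINUE
    def on_end(dbg):                       # routine finished cleanly: rewind to the snapshot
        dbg.process_restore()
        return DBG_CONTINUE
    def on_av(dbg):                        # fault: record it, then rewind and keep going
        print("[!] access violation on case %d\n%s" % (st["i"] - 1, dbg.dump_context()))
        dbg.process_restore()
        return DBG_CONTINUE
    dbg = pydbg()
    dbg.attach(pid)
    dbg.bp_set(hook_addr, handler=on_hook)
    dbg.bp_set(end_addr, handler=on_end)
    dbg.set_callback(EXCEPTION_ACCESS_VIOLATION, on_av)
    dbg.run()
```

The scratch buffer is allocated after the snapshot is taken, so process_restore() rewinds the target's own memory and registers but leaves the case data in place.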
What I’d like to start working on is a GUI to set up hooks on functions, parse the input and replace it with Sulley strings… I haven’t seen a good set of tools to do in-memory fuzzing and PaiMei seems to be the perfect platform — any takers?