# Homework 5: Fuzzing


## Prelude
The first step I took for this asignment was setting up the docker container. This was straightforward with the provided instructions

![docker](./step0/docker.png)

## Step-0

Here, I have followed the instructions the run the sample RTSP client and server

The server running is shown here

![step0-a](./step0/server.png)

In another terminal, we run the sample client

![step0-b](./step0/client.png)

## Step-1. Prepare message sequences as seed inputs

At this point, we have the server and client running. The next step is to install TCP dump, and open it up on a 3rd terminal window. We can now restart the client and capture some traffic

As we can see, with this approach we have captured 24 packets

![step1/capture](./step1/capture.png)

Using `docker cp` I have copied that file `rtsp.pcap` to my local machine, and also have included it at [./rtsp.pcap](./rtsp.pcap)

Lets take a look at this file with `wireshark rtsp.pcap`

![wireshark](./step1/wireshark.png)

Following the instruction, we can save the raw TCP stream of the request messages to [rtsp_requests_wav.raw](./step1/rtsp_requests_wav.raw)

## Step-3 Fuzzing

We begin the fuzzing process running the supplied command
```
afl-fuzz -d -i $AFLNET/tutorials/live555/in-rtsp -o out-live555 -N tcp://127.0.0.1/8554 -x $AFLNET/tutorials/live555/rtsp.dict -P RTSP -D 10000 -q 3 -s 3 -E -K -R ./testOnDemandRTSPServer 8554
```

It seems off to a good start, and I will let this run for some time and check back later. In this case, I will use the provided seed corpus.

![begin-fuzz](./step3/begin-fuzz.png)

![afl](./step3/afl.png)