48 lines
1.6 KiB
Markdown
48 lines
1.6 KiB
Markdown
# Homework 5: Fuzzing
|
|
|
|
|
|
## Prelude
|
|
The first step I took for this asignment was setting up the docker container. This was straightforward with the provided instructions
|
|
|
|
|
|
|
|
## Step-0
|
|
|
|
Here, I have followed the instructions the run the sample RTSP client and server
|
|
|
|
The server running is shown here
|
|
|
|
|
|
|
|
In another terminal, we run the sample client
|
|
|
|
|
|
|
|
## Step-1. Prepare message sequences as seed inputs
|
|
|
|
At this point, we have the server and client running. The next step is to install TCP dump, and open it up on a 3rd terminal window. We can now restart the client and capture some traffic
|
|
|
|
As we can see, with this approach we have captured 24 packets
|
|
|
|
|
|
|
|
Using `docker cp` I have copied that file `rtsp.pcap` to my local machine, and also have included it at [./rtsp.pcap](./rtsp.pcap)
|
|
|
|
Lets take a look at this file with `wireshark rtsp.pcap`
|
|
|
|
|
|
|
|
Following the instruction, we can save the raw TCP stream of the request messages to [rtsp_requests_wav.raw](./step1/rtsp_requests_wav.raw)
|
|
|
|
## Step-3 Fuzzing
|
|
|
|
We begin the fuzzing process running the supplied command
|
|
```
|
|
afl-fuzz -d -i $AFLNET/tutorials/live555/in-rtsp -o out-live555 -N tcp://127.0.0.1/8554 -x $AFLNET/tutorials/live555/rtsp.dict -P RTSP -D 10000 -q 3 -s 3 -E -K -R ./testOnDemandRTSPServer 8554
|
|
```
|
|
|
|
It seems off to a good start, and I will let this run for some time and check back later. In this case, I will use the provided seed corpus.
|
|
|
|
|
|
|
|
 |