@@ -130,7 +130,7 @@ command line in the opener main directory.
Fuzzing
--------------
-#### Intro
+### Intro
Fuzzing is an automated testing method that directs varying input data to a program in
order to monitor output. It is a way to test for overall reliability as well as identify
potential security bugs.
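Review bot: The heading change is consistent with the section structure (the "Fuzzing" title is a setext `---` H2, so its subsections belong at `###`), but while touching this hunk the intro wording could be tightened: "directs varying input data to a program in order to monitor output" would read more precisely as "feeds a program a stream of varied, often malformed inputs and monitors it for crashes, hangs and other abnormal behaviour", which is what the AFL setup described in the following hunks actually looks for.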
@@ -143,7 +143,7 @@ The fuzzer we are using is AFL, a fuzzer that uses runtime guided techniques to

-#### Compile
+### Compile
To start fuzzing this project with AFL you'll need to compile it with AFL.
First make sure you have AFL installed:
```
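Review bot: The code fence opened after "First make sure you have AFL installed:" carries no language tag; since this is a shell snippet, ```` ```sh ```` (or ```` ```bash ````) would give the README syntax highlighting and makes the block's intent explicit, which matters here because the heading-level change is the only edit in this hunk and the fence is right next to it. The same applies to the fence opened in the "Fuzz" section below.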
@@ -161,7 +161,7 @@ Then, compile OpENer with AFL:
2. Compile OpENer with AFL ``./setup_posix_fuzz_afl.sh``
3. Run ``make``
-#### Fuzz
+### Fuzz
Finally, generate some test cases and start AFL:
```
# Generate inputs
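Review bot: The `afl-fuzz -i inputs -o findings ./src/ports/POSIX/OpENer <interface_name>` invocation in the surrounding context has no `@@` file placeholder, so AFL will deliver each test case on the target's stdin; the README should say that the AFL build produced by `./setup_posix_fuzz_afl.sh` reads its EtherNet/IP packets from stdin rather than from the network interface, otherwise a reader will expect the stock `OpENer <interface_name>` behaviour and wonder why the fuzzer makes no progress. A one-line note after "Finally, generate some test cases and start AFL:" would do.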
@@ -172,10 +172,10 @@ echo 630000000000000000000000000000000000000000000000 | xxd -r -p > ./inputs/eni
afl-fuzz -i inputs -o findings ./src/ports/POSIX/OpENer <interface_name>
```
-#### Reproduce a crash
+### Reproduce a crash
Usually to reproduce a crash it's enough to retransmit the testcase using ``cat testcase | nc IP_ADDR 44818``
However, since CIP runs over the EtherNet/IP layer, it must first register a valid session. Therefore, we need to use a dedicated script:
-`python2 fuzz/scripts/send_testcase.py IP testcase_path`
+`python fuzz/scripts/send_testcase.py IP testcase_path`


Porting OpENer:
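Review bot: Changing `python2 fuzz/scripts/send_testcase.py IP testcase_path` to `python ...` is only correct if `fuzz/scripts/send_testcase.py` itself has been ported to Python 3 in the same change; this hunk touches the README only, so please confirm the script runs under Python 3 (socket payloads must be `bytes`, not `str`, and `print` must be a function) or the documented reproduction step will fail on systems where `python` resolves to Python 3. Also worth stating the required Python version explicitly in the sentence "Therefore, we need to use a dedicated script:", since plain `python` is ambiguous across distributions.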