-
Notifications
You must be signed in to change notification settings - Fork 66
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Stding fuzzing #40
Comments
Hi, thanks for you interest in Manul. There is experimental support for stdin fuzzing. check it out here: Line 86 in 8dd10a1
|
Hey is that for stdin or passing commands ? In other news I tried that but it still wants the @@ and I get an error. This error only occures when I uncomment cmd_fuzzing = True Traceback (most recent call last): The file I'm trying to fuzz is just a little test code to check the fuzzer. |
Test code as in a simple buffer overflow to test the stdin |
Well, that's a bug if it doesn't work :) |
That's why I'm reporting it. I uncommented cmd_fuzzing and this happens. I actually might not be able to do a PR in this case, because I don't know the issue. You could try a str(target_file_path), but what do I know. You programmed this, you're obviously more quilified than me. |
Am supposed to uncomment it are leave it commented? |
Do you need help fixing the bug? Can't say I can help much. I know python, but I don't know how you programmed this. I would have to study your codying style. Not to mention study how manul identifies input as a "crash". |
I'm also keen on using Manul if it can provide stdin like afl does with an afl-like "--" option. In my scenario I have a simple that when run, prompts for a user name and password but that has a deliberate buffer overflow issue. afl finds it when executed like this: I tried the Manul command line option as the closest fit (i.e. not actually stdin) and got the same crash as @KittyTechnoProgrammer . Python 3.6 on Ubuntu 18.04 LTS using a clean purpose made virtual environment for Manul testing. |
Hello. I like the idea of your manul fuzzier. However I notice a lack of stdin fuzzing. As the program keeps saying how i forgot the @@ for the string. This means that I can't fuzz my stdin because the program takes no arguments. This actually leads to an error (put in another topic).
P.S. Thank you for taking the time to read and hopefully fix this issue.
The text was updated successfully, but these errors were encountered: