-
Notifications
You must be signed in to change notification settings - Fork 52
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Questions about FTP protocol testing #2
Comments
Hello, About your first question: In the configuration file basic.conf, the option for chroot is commented and should not be enabled by default. In this case, it is maybe unnecessary to call the clean script. About your second question: For the SIP/Kamailio benchmark, we had to introduce the "-l" option for a similar problem, you can consider to use/extend that option. |
Thanks for answering, I will try this "-l" option for FTP protocol. |
Hi @Melody15, You are right that currently AFLNet focuses on fuzzing the control channel of the FTP protocol and it does not support the data channel yet. As suggested by Roberto, the "-l" option of AFLNet is relevant. However, I think the current implementation of the option does not work out-of-the-box to support two channels in FTP protocol. I guess a proper solution should answer the questions 1) when a connection to the data port (port 20) should be established and 2) whether AFLNet needs to add some logic to handle data exchange. This excellent writeup of Antonio @github Security (https://securitylab.github.com/research/fuzzing-sockets-FTP) reports a nice idea to handle the issue but it requires several code changes. Pull requests are welcome! Thuan |
Hi @thuanpv , I intend to refer to Antonio's article to further patch the ftp server to try to solve this problem, thank you for your reply and suggestion! |
Hello, recently I found this great benchmark, and after reading & testing some FTP implementations, I have some questions about FTP fuzzing.
This is the proftpd's cov_script
I am very interested in smart protocol fuzzing and look forward to your answers, thank you very much.
The text was updated successfully, but these errors were encountered: