Connections

Connection objects implement ITargetConnection. Available options include SocketConnection and SerialConnection.

ITargetConnection

class boofuzz.ITargetConnection[source]

Bases: object

Interface for connections to fuzzing targets. Target connections may be opened and closed multiple times. You must open before using send/recv and close afterwards.

close()[source]

Close connection.

Returns:None
info

Return description of connection info.

E.g., “127.0.0.1:2121”

Returns:Connection info descrption
Return type:str
open()[source]

Opens connection to the target. Make sure to call close!

Returns:None
recv(max_bytes)[source]

Receive up to max_bytes data.

Parameters:max_bytes (int) – Maximum number of bytes to receive.
Returns:Received data. bytes(‘’) if no data is received.
send(data)[source]

Send data to the target.

Parameters:data – Data to send.

:rtype int :return: Number of bytes actually sent.

SocketConnection

class boofuzz.SocketConnection(host, port=None, proto='tcp', bind=None, send_timeout=5.0, recv_timeout=5.0, ethernet_proto=2048, l2_dst='xffxffxffxffxffxff', udp_broadcast=False, server=False, keyfile=None, certfile=None)[source]

Bases: boofuzz.itarget_connection.ITargetConnection

ITargetConnection implementation using sockets.

Supports UDP, TCP, SSL, raw layer 2 and raw layer 3 packets.

Examples:

tcp_connection = SocketConnection(host='127.0.0.1', port=17971)
udp_connection = SocketConnection(host='127.0.0.1', port=17971, proto='udp')
udp_connection_2_way = SocketConnection(host='127.0.0.1', port=17971, proto='udp', bind=('127.0.0.1', 17972)
udp_broadcast = SocketConnection(host='127.0.0.1', port=17971, proto='udp', bind=('127.0.0.1', 17972),
                                 udp_broadcast=True)
raw_layer_2 = (host='lo', proto='raw-l2')
raw_layer_2 = (host='lo', proto='raw-l2',
               l2_dst='\xFF\xFF\xFF\xFF\xFF\xFF', ethernet_proto=socket_connection.ETH_P_IP)
raw_layer_3 = (host='lo', proto='raw-l3')
Parameters:
  • host (str) – Hostname or IP address of target system, or network interface string if using raw-l2 or raw-l3.
  • port (int) – Port of target service. Required for proto values ‘tcp’, ‘udp’, ‘ssl’.
  • proto (str) – Communication protocol (“tcp”, “udp”, “ssl”, “raw-l2”, “raw-l3”). Default “tcp”. raw-l2: Send packets at layer 2. Must include link layer header (e.g. Ethernet frame). raw-l3: Send packets at layer 3. Must include network protocol header (e.g. IPv4).
  • bind (tuple (host, port)) – Socket bind address and port. Required if using recv() with ‘udp’ protocol.
  • send_timeout (float) – Seconds to wait for send before timing out. Default 5.0.
  • recv_timeout (float) – Seconds to wait for recv before timing out. Default 5.0.
  • ethernet_proto (int) – Ethernet protocol when using ‘raw-l3’. 16 bit integer. Default ETH_P_IP (0x0800). See “if_ether.h” in Linux documentation for more options.
  • l2_dst (str) – Layer 2 destination address (e.g. MAC address). Used only by ‘raw-l3’. Default ‘ÿÿÿÿÿÿ’ (broadcast).
  • udp_broadcast (bool) – Set to True to enable UDP broadcast. Must supply appropriate broadcast address for send() to work, and ‘’ for bind host for recv() to work.
  • server (bool) – Set to True to enable server side fuzzing.
  • keyfile (str) – The file to use for the SSL key when server side fuzzing with proto ssl.
  • certfile (str) – The file to use for the SSL certificate when server side fuzzing with proto ssl.
MAX_PAYLOADS = {'raw-l2': 1514, 'raw-l3': 1500, 'udp': 65507}
close()[source]

Close connection to the target.

Returns:None
info
open()[source]

Opens connection to the target. Make sure to call close!

Returns:None
recv(max_bytes)[source]

Receive up to max_bytes data from the target.

Parameters:max_bytes (int) – Maximum number of bytes to receive.
Returns:Received data.
send(data)[source]

Send data to the target. Only valid after calling open! Some protocols will truncate; see self.MAX_PAYLOADS.

Parameters:data – Data to send.
Returns:Number of bytes actually sent.
Return type:int

SerialConnection

class boofuzz.SerialConnection(port=0, baudrate=9600, timeout=5, message_separator_time=0.3, content_checker=None)[source]

Bases: boofuzz.itarget_connection.ITargetConnection

ITargetConnection implementation for generic serial ports.

Since serial ports provide no default functionality for separating messages/packets, this class provides several means:

  • timeout: Return received bytes after timeout seconds.

  • msg_separator_time: Return received bytes after the wire is silent for a given time. This is useful, e.g., for terminal protocols without a machine-readable delimiter. A response may take a long time to send its information, and you know the message is done when data stops coming.

  • content_check: A user-defined function takes the data received so far and checks for a packet. The function should return 0 if the packet isn’t finished yet, or n if a valid message of n bytes has been received. Remaining bytes are stored for next call to recv(). Example:

    def content_check_newline(data):
    if data.find('\n') >= 0:
        return data.find('\n')
    else:
        return 0
    

If none of these methods are used, your connection may hang forever.

Parameters:
  • port (Union[int, str]) – Serial port name or number.
  • baudrate (int) – Baud rate for port.
  • timeout (float) – For recv(). After timeout seconds from receive start, recv() will return all received data, if any.
  • message_separator_time (float) – After message_separator_time seconds without receiving any more data, recv() will return. Optional. Default None.
  • content_checker (function(str) -> int) – User-defined function. recv() will pass all bytes received so far to this method. If the method returns n > 0, recv() will return n bytes. If it returns 0, recv() will keep on reading.
close()[source]

Close connection to the target.

Returns:None
info
open()[source]

Opens connection to the target. Make sure to call close!

Returns:None
recv(max_bytes)[source]

Receive up to max_bytes data from the target.

Parameters:max_bytes (int) – Maximum number of bytes to receive.
Returns:Received data.
send(data)[source]

Send data to the target. Only valid after calling open!

Parameters:data – Data to send.
Returns:Number of bytes actually sent.
Return type:int