Quickstart

The Session object is the center of your fuzz… session. When you create it, you’ll pass it a Target object, which will itself receive a Connection object. For example:

from boofuzz import *  # Session, Target, the connection classes and the s_* primitives

session = Session(
    target=Target(
        connection=SocketConnection("127.0.0.1", 8021, proto='tcp')))

Connection objects implement ITargetConnection. Available options include SocketConnection and SerialConnection.

With a Session object ready, you next need to define the messages in your protocol. Once you’ve read the requisite RFC, tutorial, etc., you should be confident enough in the format to define your protocol using the various static protocol definition functions.

Each message starts with an s_initialize function.

Here are several message definitions from the FTP protocol:

s_initialize("user")
s_string("USER")
s_delim(" ")
s_string("anonymous")
s_static("\r\n")

s_initialize("pass")
s_string("PASS")
s_delim(" ")
s_string("james")
s_static("\r\n")

s_initialize("stor")
s_string("STOR")
s_delim(" ")
s_string("AAAA")
s_static("\r\n")

s_initialize("retr")
s_string("RETR")
s_delim(" ")
s_string("AAAA")
s_static("\r\n")

Once you’ve defined your message(s), you connect them into a graph using the Session object you just created:

session.connect(s_get("user"))
session.connect(s_get("user"), s_get("pass"))
session.connect(s_get("pass"), s_get("stor"))
session.connect(s_get("pass"), s_get("retr"))

After that, you are ready to fuzz:

session.fuzz()

Note that at this point you have only a very basic fuzzer. Making it kick butt is up to you.

The log data of each run is saved to a SQLite database in the boofuzz-results directory under your current working directory. You can reopen the web interface on any of those databases at any time with:

boo open <run-*.db>

To do cool stuff like checking responses, you’ll want to use post_test_case_callbacks in Session. You may also be interested in Making Your Own Block/Primitive.
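The following script is an added example, not code from the boofuzz project or this quickstart. It ties the whole procedure above together (connection, target, session, the four FTP messages, the graph and the fuzz call) and shows one post_test_case callback of the kind just mentioned: after each test case it grades the server's reply by its RFC 959 three-digit code and records a failure when nothing comes back at all, which is the symptom you most want flagged. Assumptions: boofuzz is installed and imported lazily inside the builder functions so the reply-grading helpers can be exercised without a live target; the target address reuses the quickstart's 127.0.0.1:8021; boofuzz invokes the callback with target, fuzz_data_logger and session keyword arguments and any further arguments (such as sock) are absorbed by *args/**kwargs; session.last_recv, fuzz_data_logger.log_fail and fuzz_data_logger.log_pass are the attributes used to read the last reply and to mark the test case.

```python
"""Added example: quickstart FTP session plus a reply-checking callback.

Not boofuzz's own code. Assumptions: boofuzz is installed; a target listens
on TARGET_HOST:TARGET_PORT; the callback receives target, fuzz_data_logger
and session as keyword arguments (anything else, e.g. sock, lands in
*args/**kwargs); session.last_recv holds the bytes received last.
"""
import re

TARGET_HOST = "127.0.0.1"  # same address as the quickstart; adjust for your target
TARGET_PORT = 8021

# RFC 959 reply line: three digits followed by a space (final line) or "-"
# (continuation of a multi-line reply). Anything else is treated as malformed.
_FTP_REPLY = re.compile(rb"^(\d{3})[ -]")


def classify_ftp_reply(data):
    """Grade the raw bytes received after a test case.

    Returns one of:
      "no-reply"  - nothing came back (service died, hung or closed the socket)
      "malformed" - bytes that do not start with an RFC 959 reply code
      "ok"        - a 1xx/2xx/3xx reply
      "error"     - a 4xx/5xx reply (the normal answer to most fuzzed input)
    """
    if not data:
        return "no-reply"
    m = _FTP_REPLY.match(data)
    if m is None:
        return "malformed"
    code = int(m.group(1))
    return "ok" if code < 400 else "error"


def check_ftp_reply(target, fuzz_data_logger, session, *args, **kwargs):
    """post_test_case callback: grade session.last_recv and log the verdict."""
    verdict = classify_ftp_reply(session.last_recv)
    if verdict == "no-reply":
        # A silent server right after a mutated request is what deserves a look.
        fuzz_data_logger.log_fail("no FTP reply received after test case")
    elif verdict == "malformed":
        fuzz_data_logger.log_fail(
            "reply does not start with a 3-digit FTP code: %r" % session.last_recv[:40])
    else:
        # 4xx/5xx is expected for garbage input; record it but do not fail.
        fuzz_data_logger.log_pass("FTP reply classified as %s" % verdict)
    return verdict


def define_ftp_messages():
    """The four quickstart messages, unchanged, registered with boofuzz."""
    from boofuzz import s_delim, s_initialize, s_static, s_string

    for name, verb, arg in (("user", "USER", "anonymous"),
                            ("pass", "PASS", "james"),
                            ("stor", "STOR", "AAAA"),
                            ("retr", "RETR", "AAAA")):
        s_initialize(name)
        s_string(verb)
        s_delim(" ")
        s_string(arg)
        s_static("\r\n")


def build_session(host=TARGET_HOST, port=TARGET_PORT):
    """Connection -> Target -> Session, with the callback attached, then the graph."""
    from boofuzz import Session, SocketConnection, Target, s_get

    session = Session(
        target=Target(connection=SocketConnection(host, port, proto="tcp")),
        post_test_case_callbacks=[check_ftp_reply],
    )
    define_ftp_messages()
    session.connect(s_get("user"))
    session.connect(s_get("user"), s_get("pass"))
    session.connect(s_get("pass"), s_get("stor"))
    session.connect(s_get("pass"), s_get("retr"))
    return session


if __name__ == "__main__":
    # Needs a listener on TARGET_HOST:TARGET_PORT; results land in boofuzz-results/.
    build_session().fuzz()
```

The grading is deliberately split from the callback: classify_ftp_reply is pure, so it can be checked against captured replies before a fuzz run, while check_ftp_reply only translates the verdict into log_fail/log_pass calls that show up in the run's database and web interface.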

Remember boofuzz is all Python, so everything is there for your customization. If you are doing crazy cool stuff, check out the community info and consider contributing back!

Happy fuzzing, and Godspeed!