ProxyFuzz is a man-in-the-middle non-deterministic network fuzzer written in Python. ProxyFuzz randomly changes (fuzzes) contents on the network traffic. It supports TCP and UDP protocols and can also be configured to fuzz only one side of the communication. ProxyFuzz is protocol agnostic so it can randomly fuzz any network communication.
83cb422e91d20d05afbe49119a394fe82ea883046f73d3a4484f08440e667307
# Proxyfuzz: a TCP and UDP proxy man-in-the-middle fuzzer
# v 0.1
# By Rodrigo Marcos
# http://www.theartoffuzzing.com
from twisted.protocols import portforward
from twisted.internet.protocol import DatagramProtocol
from twisted.internet import reactor
import getopt, sys
from random import randint
# UDP Proxy stuff
class Client(DatagramProtocol):
def __init__(self, server, host, port):
self.server = server
self.host = host
self.port = port
def startProtocol(self):
self.transport.connect(desthost, destport)
def datagramReceived(self, data, (host, port)):
global verbose
global notuntil
global request
global testclient
if testclient:
if request < notuntil:
request = request + 1
else:
data = fuzz(data)
if verbose:
print "Server ------> Client"
print "%r" % data
self.server.transport.write(data, (self.host, self.port))
class Server(DatagramProtocol):
client = None
def datagramReceived(self, data, (host, port)):
if not self.client or self.client.host != host or self.client.port != port:
self.client = Client(self, host, port)
reactor.listenUDP(0, self.client)
global verbose
global notuntil
global request
global testserver
if testserver:
if request < notuntil:
request = request + 1
else:
data = fuzz(data)
if verbose:
print "Client ------> Server"
print "%r" % data
self.client.transport.write(data, (desthost, destport))
# TCP proxy stuff
def server_dataReceived(self, data):
global verbose
global notuntil
global request
global testserver
if testserver:
if request < notuntil:
request = request + 1
else:
data = fuzz(data)
if verbose:
print "Client ------> server"
print "%r" % data
portforward.Proxy.dataReceived(self, data)
portforward.ProxyServer.dataReceived = server_dataReceived
def client_dataReceived(self, data):
global verbose
global notuntil
global request
global testclient
if testclient:
if request < notuntil:
request = request + 1
else:
data = fuzz(data)
if verbose:
print "Server ------> Client"
print "%r" % data
portforward.Proxy.dataReceived(self, data)
portforward.ProxyClient.dataReceived = client_dataReceived
overflowstrings = ["A" * 255, "A" * 256, "A" * 257, "A" * 420, "A" * 511, "A" * 512, "A" * 1023, "A" * 1024, "A" * 2047, "A" * 2048, "A" * 4096, "A" * 4097, "A" * 5000, "A" * 10000, "A" * 20000, "A" * 32762, "A" * 32763, "A" * 32764, "A" * 32765, "A" * 32766, "A" * 32767, "A" * 32768, "A" * 65534, "A" * 65535, "A" * 65536, "%x" * 1024, "%n" * 1025 , "%s" * 2048, "%s%n%x%d" * 5000, "%s" * 30000, "%s" * 40000, "%.1024d", "%.2048d", "%.4096d", "%.8200d", "%99999999999s", "%99999999999d", "%99999999999x", "%99999999999n", "%99999999999s" * 1000, "%99999999999d" * 1000, "%99999999999x" * 1000, "%99999999999n" * 1000, "%08x" * 100, "%%20s" * 1000,"%%20x" * 1000,"%%20n" * 1000,"%%20d" * 1000, "%#0123456x%08x%x%s%p%n%d%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%#0123456x%%x%%s%%p%%n%%d%%o%%u%%c%%h%%l%%q%%j%%z%%Z%%t%%i%%e%%g%%f%%a%%C%%S%%08x"]
def bitflipping(data):
l = len(data)
n = int(l*7/100) # 7% of the bytes to be modified
for i in range(0,n): # We change the bytes
r = randint(0,l-1)
data = data[0:r] + chr(randint(0,255)) + data[r+1:]
return data
def bofinjection(data):
l = len(data)
r = randint(0,len(overflowstrings)-1)
data = data[0:r] + overflowstrings[r] + data[r-l:]
return data
def fuzz(data):
r = randint(0,5)
if r==0:
data = bitflipping(data)
r = randint(0,5)
if r==0:
data = bofinjection(data)
return data
def startudpproxy():
reactor.listenUDP(localport, Server())
reactor.run()
def starttcpproxy():
reactor.listenTCP(localport, portforward.ProxyFactory(desthost, destport))
reactor.run()
def usage():
#print "###############################################################"
print
print "ProxyFuzz 0.1, Simple fuzzing proxy by Rodrigo Marcos"
print "http://www.theartoffuzzing.com"
print
print "usage():"
#print
print "python proxyfuzz -l <localport> -r <remotehost> -p <remoteport> [options]"
print
print " [options]"
print " -c: Fuzz only client side (both otherwise)"
print " -s: Fuzz only server side (both otherwise)"
print " -w: Number of requests to send before start fuzzing"
print " -u: UDP protocol (otherwise TCP is used)"
print " -v: Verbose (outputs network traffic)"
print " -h: Help page"
verbose = False
notuntil = 0
request = 0
proto = "tcp"
localport = 0
desthost = ""
destport = 0
testclient = 1
testserver = 1
def main():
global verbose
global notuntil
global proto
global localport
global desthost
global destport
global testclient
global testserver
try:
opts, args = getopt.getopt(sys.argv[1:], "uvhcsl:r:p:w:", ["help"])
except getopt.GetoptError:
usage()
sys.exit(2)
try:
for o, a in opts:
if o in ("-h", "--help"):
usage()
sys.exit()
if o == "-l":
localport=int(a)
if o == "-r":
desthost=a
if o == "-p":
destport=int(a)
if o == "-v":
verbose = True
if o == "-w":
notuntil=int(a)
if o == "-u":
proto="udp"
if o == "-c": # Only client
testserver=0
if o == "-s": # Only server
testclient=0
except:
usage()
sys.exit(2)
if testserver==0 and testclient==0:
usage()
sys.exit(2)
elif localport==0 or desthost=="" or destport==0:
usage()
sys.exit(2)
else:
if proto=="tcp":
starttcpproxy()
else: # UDP
startudpproxy()
if __name__ == "__main__":
main()