saving each fuzzresult using pickle.dump and not buffering (fixes #37…
…8 #377)
xmendez committed Jan 29, 2015
1 parent 7a8ceb9 commit 0440c76
Showing 4 changed files with 34 additions and 38 deletions.
30 changes: 12 additions & 18 deletions framework/fuzzer/Fuzzer.py
@@ -1,7 +1,7 @@
import threading
import time
from Queue import Queue
import pickle
import cPickle as pickle
import gzip

from framework.fuzzer.fuzzobjects import FuzzResult
Expand Down Expand Up @@ -99,8 +99,12 @@ def __init__(self, options):
self.genReq = options.get("genreq")

# save results
self.output_fn = options.get("output_filename")
self.stored_res = []
self.output_fn = None
if options.get("output_filename"):
try:
self.output_fn = gzip.open(options.get("output_filename"), 'w+b')
except Exception:
raise FuzzException(FuzzException.FATAL, "Error opening results file!")

# Get active plugins
lplugins = None
Expand Down Expand Up @@ -172,13 +176,15 @@ def next(self):
if not res:
raise StopIteration

# Save results?
if res and self.output_fn:
pickle.dump(res, self.output_fn)

# check if we are done. If so, send None to everyone so the can stop nicely
if self.genReq.stats.pending_fuzz == 0 and self.genReq.stats.pending_seeds == 0:
if self.output_fn: self.output_fn.close()
self.seed_queue.put_last(None)

# Save results?
if res and self.output_fn: self.stored_res.append(res)

return res

def stats(self):
Expand Down Expand Up @@ -221,15 +227,3 @@ def pause_job(self):

def resume_job(self):
self.http_queue.pause.set()

def save_results(self):
if not self.output_fn:
return

try:
with gzip.open(self.output_fn, 'w+b') as output:
#with open(self.output_fn, 'w+b') as output:
pickle.dump(self.stored_res, output)
except Exception, e:
raise FuzzException(FuzzException.FATAL, "Error writing fuzz results: %s " % (str(e)))
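Review bot: The gzip handle opened in `__init__` is closed only in the `pending_fuzz == 0 and pending_seeds == 0` branch of `next()`, so a run that is cancelled or fails before that point never closes the stream and the results file may end without its gzip trailer; the wfuzz.py section of this commit also removes the only save call from the `finally` block. After the close, `self.output_fn` still refers to the closed file, so any later result would make `pickle.dump` raise; `self.output_fn.close(); self.output_fn = None` avoids that, and the cancel path (not visible here) should close the handle as well. The `except Exception:` in `__init__` drops the underlying error text that the removed `save_results` used to report; `except Exception, e:` with `str(e)` in the message would keep it. Both `__init__` and `next()` begin outside the hunks shown.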

16 changes: 11 additions & 5 deletions framework/plugins/api.py
Expand Up @@ -227,18 +227,24 @@ def __init__(self, default_param, extra_params):
is_sliced, self._iterator = self.my_slice_iter(default_param, offset, limit)
self._slice_it(is_sliced, offset, limit)

if self._count <= 0:
raise FuzzException(FuzzException.FATAL, "Number of elements is negative.")
#if self._count <= 0:
#raise FuzzException(FuzzException.FATAL, "Number of elements is negative.")

def _slice_it(self, is_sliced, offset, limit):
maxc = self.my_max_count()

if not is_sliced:
if offset > maxc: offset = maxc
if offset > maxc and maxc > 0: offset = maxc
if limit == 0: limit = maxc

self._iterator = itertools.islice(self._iterator, offset, min(offset + limit, maxc))
self._count = min(offset + limit, maxc) - offset
if not limit or limit < 0:
limit = None
self._count = -1
else:
limit = min(offset + limit, maxc)
self._count = limit - offset

self._iterator = itertools.islice(self._iterator, offset, limit)
else:
self._count = maxc
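Review bot: In `_slice_it`, the new `else` branch computes `limit = min(offset + limit, maxc)`, which becomes negative when `my_max_count()` returns -1 (as the wfuzz payload in plugins/payloads.py now does) and a positive limit is passed; `itertools.islice` rejects a negative stop with ValueError. Guarding the clamp, for example `limit = offset + limit if maxc < 0 else min(offset + limit, maxc)`, keeps an explicit limit usable for payloads of unknown size. The `_count <= 0` check in `__init__` is left commented out rather than removed; since -1 now appears to mean "size unknown", deleting it and stating that meaning in a comment would be clearer. Both functions extend beyond the hunk.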

23 changes: 11 additions & 12 deletions plugins/payloads.py
@@ -1,7 +1,7 @@
import random
import sys
import __builtin__
import pickle
import cPickle as pickle
import gzip

from externals.moduleman.plugin import moduleman_plugin
Expand Down Expand Up @@ -408,19 +408,18 @@ def my_max_count(self):
return self.__max

def my_slice_iter(self, default_param, offset, limit):
pkl_file = None
try:
pkl_file = gzip.open(default_param, 'r+b')
#pkl_file = open(path, 'r+b')
fuzz_results = pickle.load(pkl_file)
except Exception,e:
raise FuzzException(FuzzException.FATAL, "Error opening wfuzz results file: %s" % str(e))
finally:
if pkl_file: pkl_file.close()
self.__max = -1

self.__max = len(fuzz_results)
return False, self.gen_wfuzz(default_param)

return False, fuzz_results
def gen_wfuzz(self, output_fn):
try:
with gzip.open(output_fn, 'r+b') as output:
#with open(self.output_fn, 'r+b') as output:
while 1:
yield pickle.load(output)
except EOFError:
raise StopIteration

def next (self):
return self._iterator.next().url
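Review bot: `gen_wfuzz` calls `pickle.load` on every record of the file named by the payload parameter, and unpickling runs whatever code the file encodes, so a results file received from someone else is executable input. At minimum add a comment such as `# pickle.load runs code from the file: only load results files you created yourself`; a data-only format for stored results would remove the risk. The old `my_slice_iter` wrapped open and load failures in a `FuzzException`, whereas the generator catches only `EOFError`, so a missing or corrupt file now surfaces as a raw exception on the first `next()`; adding `except Exception, e: raise FuzzException(FuzzException.FATAL, "Error opening wfuzz results file: %s" % str(e))` would restore that. Inside a generator a plain `return` is the cleaner way to finish than `raise StopIteration`.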
3 changes: 0 additions & 3 deletions wfuzz.py
Expand Up @@ -61,6 +61,3 @@
finally:
if kb: kb.cancel_job()
Facade().sett.save()
if session_options and session_options.get("output_filename"):
print "\nPlease wait, writing fuzz results to file: %s..." % session_options.get("output_filename")
fz.save_results()
