Compare commits
1 Commits
hexo
...
dependabot
| Author | SHA1 | Date | |
|---|---|---|---|
|
6af1b9e160 |
75
package-lock.json
generated
75
package-lock.json
generated
@ -970,7 +970,8 @@
|
||||
},
|
||||
"ansi-regex": {
|
||||
"version": "2.1.1",
|
||||
"bundled": true
|
||||
"bundled": true,
|
||||
"optional": true
|
||||
},
|
||||
"aproba": {
|
||||
"version": "1.2.0",
|
||||
@ -988,11 +989,13 @@
|
||||
},
|
||||
"balanced-match": {
|
||||
"version": "1.0.0",
|
||||
"bundled": true
|
||||
"bundled": true,
|
||||
"optional": true
|
||||
},
|
||||
"brace-expansion": {
|
||||
"version": "1.1.11",
|
||||
"bundled": true,
|
||||
"optional": true,
|
||||
"requires": {
|
||||
"balanced-match": "^1.0.0",
|
||||
"concat-map": "0.0.1"
|
||||
@ -1005,15 +1008,18 @@
|
||||
},
|
||||
"code-point-at": {
|
||||
"version": "1.1.0",
|
||||
"bundled": true
|
||||
"bundled": true,
|
||||
"optional": true
|
||||
},
|
||||
"concat-map": {
|
||||
"version": "0.0.1",
|
||||
"bundled": true
|
||||
"bundled": true,
|
||||
"optional": true
|
||||
},
|
||||
"console-control-strings": {
|
||||
"version": "1.1.0",
|
||||
"bundled": true
|
||||
"bundled": true,
|
||||
"optional": true
|
||||
},
|
||||
"core-util-is": {
|
||||
"version": "1.0.2",
|
||||
@ -1116,7 +1122,8 @@
|
||||
},
|
||||
"inherits": {
|
||||
"version": "2.0.3",
|
||||
"bundled": true
|
||||
"bundled": true,
|
||||
"optional": true
|
||||
},
|
||||
"ini": {
|
||||
"version": "1.3.5",
|
||||
@ -1126,6 +1133,7 @@
|
||||
"is-fullwidth-code-point": {
|
||||
"version": "1.0.0",
|
||||
"bundled": true,
|
||||
"optional": true,
|
||||
"requires": {
|
||||
"number-is-nan": "^1.0.0"
|
||||
}
|
||||
@ -1138,17 +1146,20 @@
|
||||
"minimatch": {
|
||||
"version": "3.0.4",
|
||||
"bundled": true,
|
||||
"optional": true,
|
||||
"requires": {
|
||||
"brace-expansion": "^1.1.7"
|
||||
}
|
||||
},
|
||||
"minimist": {
|
||||
"version": "0.0.8",
|
||||
"bundled": true
|
||||
"bundled": true,
|
||||
"optional": true
|
||||
},
|
||||
"minipass": {
|
||||
"version": "2.3.5",
|
||||
"bundled": true,
|
||||
"optional": true,
|
||||
"requires": {
|
||||
"safe-buffer": "^5.1.2",
|
||||
"yallist": "^3.0.0"
|
||||
@ -1165,6 +1176,7 @@
|
||||
"mkdirp": {
|
||||
"version": "0.5.1",
|
||||
"bundled": true,
|
||||
"optional": true,
|
||||
"requires": {
|
||||
"minimist": "0.0.8"
|
||||
}
|
||||
@ -1237,7 +1249,8 @@
|
||||
},
|
||||
"number-is-nan": {
|
||||
"version": "1.0.1",
|
||||
"bundled": true
|
||||
"bundled": true,
|
||||
"optional": true
|
||||
},
|
||||
"object-assign": {
|
||||
"version": "4.1.1",
|
||||
@ -1247,6 +1260,7 @@
|
||||
"once": {
|
||||
"version": "1.4.0",
|
||||
"bundled": true,
|
||||
"optional": true,
|
||||
"requires": {
|
||||
"wrappy": "1"
|
||||
}
|
||||
@ -1322,7 +1336,8 @@
|
||||
},
|
||||
"safe-buffer": {
|
||||
"version": "5.1.2",
|
||||
"bundled": true
|
||||
"bundled": true,
|
||||
"optional": true
|
||||
},
|
||||
"safer-buffer": {
|
||||
"version": "2.1.2",
|
||||
@ -1352,6 +1367,7 @@
|
||||
"string-width": {
|
||||
"version": "1.0.2",
|
||||
"bundled": true,
|
||||
"optional": true,
|
||||
"requires": {
|
||||
"code-point-at": "^1.0.0",
|
||||
"is-fullwidth-code-point": "^1.0.0",
|
||||
@ -1369,6 +1385,7 @@
|
||||
"strip-ansi": {
|
||||
"version": "3.0.1",
|
||||
"bundled": true,
|
||||
"optional": true,
|
||||
"requires": {
|
||||
"ansi-regex": "^2.0.0"
|
||||
}
|
||||
@ -1407,11 +1424,13 @@
|
||||
},
|
||||
"wrappy": {
|
||||
"version": "1.0.2",
|
||||
"bundled": true
|
||||
"bundled": true,
|
||||
"optional": true
|
||||
},
|
||||
"yallist": {
|
||||
"version": "3.0.3",
|
||||
"bundled": true
|
||||
"bundled": true,
|
||||
"optional": true
|
||||
}
|
||||
}
|
||||
},
|
||||
@ -2442,12 +2461,14 @@
|
||||
"is-extglob": {
|
||||
"version": "2.1.1",
|
||||
"resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz",
|
||||
"integrity": "sha1-qIwCU1eR8C7TfHahueqXc8gz+MI="
|
||||
"integrity": "sha1-qIwCU1eR8C7TfHahueqXc8gz+MI=",
|
||||
"optional": true
|
||||
},
|
||||
"is-glob": {
|
||||
"version": "4.0.1",
|
||||
"resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.1.tgz",
|
||||
"integrity": "sha512-5G0tKtBTFImOqDnLB2hG6Bp2qcKEFduo4tZu9MT/H6NQv/ghhy30o55ufafxJ/LdH79LLs2Kfrn85TLKyA7BUg==",
|
||||
"optional": true,
|
||||
"requires": {
|
||||
"is-extglob": "^2.1.1"
|
||||
}
|
||||
@ -2461,7 +2482,8 @@
|
||||
"normalize-path": {
|
||||
"version": "3.0.0",
|
||||
"resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz",
|
||||
"integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA=="
|
||||
"integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==",
|
||||
"optional": true
|
||||
},
|
||||
"nunjucks": {
|
||||
"version": "3.2.2",
|
||||
@ -2957,9 +2979,9 @@
|
||||
}
|
||||
},
|
||||
"lodash": {
|
||||
"version": "4.17.11",
|
||||
"resolved": "http://registry.npm.taobao.org/lodash/download/lodash-4.17.11.tgz",
|
||||
"integrity": "sha1-s56mIp72B+zYniyN8SU2iRysm40="
|
||||
"version": "4.17.21",
|
||||
"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
|
||||
"integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg=="
|
||||
},
|
||||
"lodash.assignin": {
|
||||
"version": "4.2.0",
|
||||
@ -3345,12 +3367,14 @@
|
||||
"array-unique": {
|
||||
"version": "0.3.2",
|
||||
"resolved": "http://registry.npm.taobao.org/array-unique/download/array-unique-0.3.2.tgz",
|
||||
"integrity": "sha1-qJS3XUvE9s1nnvMkSp/Y9Gri1Cg="
|
||||
"integrity": "sha1-qJS3XUvE9s1nnvMkSp/Y9Gri1Cg=",
|
||||
"optional": true
|
||||
},
|
||||
"braces": {
|
||||
"version": "2.3.2",
|
||||
"resolved": "http://registry.npm.taobao.org/braces/download/braces-2.3.2.tgz",
|
||||
"integrity": "sha1-WXn9PxTNUxVl5fot8av/8d+u5yk=",
|
||||
"optional": true,
|
||||
"requires": {
|
||||
"arr-flatten": "^1.1.0",
|
||||
"array-unique": "^0.3.2",
|
||||
@ -3368,6 +3392,7 @@
|
||||
"version": "2.0.1",
|
||||
"resolved": "http://registry.npm.taobao.org/extend-shallow/download/extend-shallow-2.0.1.tgz",
|
||||
"integrity": "sha1-Ua99YUrZqfYQ6huvu5idaxxWiQ8=",
|
||||
"optional": true,
|
||||
"requires": {
|
||||
"is-extendable": "^0.1.0"
|
||||
}
|
||||
@ -3526,6 +3551,7 @@
|
||||
"version": "4.0.0",
|
||||
"resolved": "http://registry.npm.taobao.org/fill-range/download/fill-range-4.0.0.tgz",
|
||||
"integrity": "sha1-1USBHUKPmOsGpj3EAtJAPDKMOPc=",
|
||||
"optional": true,
|
||||
"requires": {
|
||||
"extend-shallow": "^2.0.1",
|
||||
"is-number": "^3.0.0",
|
||||
@ -3537,6 +3563,7 @@
|
||||
"version": "2.0.1",
|
||||
"resolved": "http://registry.npm.taobao.org/extend-shallow/download/extend-shallow-2.0.1.tgz",
|
||||
"integrity": "sha1-Ua99YUrZqfYQ6huvu5idaxxWiQ8=",
|
||||
"optional": true,
|
||||
"requires": {
|
||||
"is-extendable": "^0.1.0"
|
||||
}
|
||||
@ -3596,7 +3623,8 @@
|
||||
"is-extglob": {
|
||||
"version": "2.1.1",
|
||||
"resolved": "http://registry.npm.taobao.org/is-extglob/download/is-extglob-2.1.1.tgz",
|
||||
"integrity": "sha1-qIwCU1eR8C7TfHahueqXc8gz+MI="
|
||||
"integrity": "sha1-qIwCU1eR8C7TfHahueqXc8gz+MI=",
|
||||
"optional": true
|
||||
},
|
||||
"is-glob": {
|
||||
"version": "4.0.0",
|
||||
@ -3611,6 +3639,7 @@
|
||||
"version": "3.0.0",
|
||||
"resolved": "http://registry.npm.taobao.org/is-number/download/is-number-3.0.0.tgz",
|
||||
"integrity": "sha1-JP1iAaR4LPUFYcgQJ2r8fRLXEZU=",
|
||||
"optional": true,
|
||||
"requires": {
|
||||
"kind-of": "^3.0.2"
|
||||
},
|
||||
@ -3619,6 +3648,7 @@
|
||||
"version": "3.2.2",
|
||||
"resolved": "http://registry.npm.taobao.org/kind-of/download/kind-of-3.2.2.tgz",
|
||||
"integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=",
|
||||
"optional": true,
|
||||
"requires": {
|
||||
"is-buffer": "^1.1.5"
|
||||
}
|
||||
@ -3628,12 +3658,14 @@
|
||||
"isobject": {
|
||||
"version": "3.0.1",
|
||||
"resolved": "http://registry.npm.taobao.org/isobject/download/isobject-3.0.1.tgz",
|
||||
"integrity": "sha1-TkMekrEalzFjaqH5yNHMvP2reN8="
|
||||
"integrity": "sha1-TkMekrEalzFjaqH5yNHMvP2reN8=",
|
||||
"optional": true
|
||||
},
|
||||
"kind-of": {
|
||||
"version": "6.0.2",
|
||||
"resolved": "http://registry.npm.taobao.org/kind-of/download/kind-of-6.0.2.tgz",
|
||||
"integrity": "sha1-ARRrNqYhjmTljzqNZt5df8b20FE="
|
||||
"integrity": "sha1-ARRrNqYhjmTljzqNZt5df8b20FE=",
|
||||
"optional": true
|
||||
},
|
||||
"micromatch": {
|
||||
"version": "3.1.10",
|
||||
@ -3858,7 +3890,8 @@
|
||||
"picomatch": {
|
||||
"version": "2.2.2",
|
||||
"resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.2.2.tgz",
|
||||
"integrity": "sha512-q0M/9eZHzmr0AulXyPwNfZjtwZ/RBZlbN3K3CErVrk50T2ASYI7Bye0EvekFY3IP1Nt2DHu0re+V2ZHIpMkuWg=="
|
||||
"integrity": "sha512-q0M/9eZHzmr0AulXyPwNfZjtwZ/RBZlbN3K3CErVrk50T2ASYI7Bye0EvekFY3IP1Nt2DHu0re+V2ZHIpMkuWg==",
|
||||
"optional": true
|
||||
},
|
||||
"posix-character-classes": {
|
||||
"version": "0.1.1",
|
||||
|
||||
@ -13,7 +13,6 @@ description: 提交个漏洞
|
||||
> by Cool
|
||||
#### 漏洞已提交厂商
|
||||
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10206
|
||||
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29379
|
||||
#### 漏洞类型
|
||||
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
|
||||
|
||||
|
||||
@ -1,71 +0,0 @@
|
||||
---
|
||||
title: 利用AFL黑盒测试网络协议
|
||||
date: 2021-05-20 19:26:35
|
||||
tags:
|
||||
- 模糊测试
|
||||
categories:
|
||||
- IOT
|
||||
description: 做对比实验用的小工具,在拿不到固件的情况下,可以用AFL的变异策略尝试fuzz
|
||||
---
|
||||
源码:https://github.com/Cool-Y/aflnw_blackbox
|
||||
|
||||
AFL是基于变异的模糊测试方法的代表工作,其主要应用于非结构化数据处理程序的漏洞挖掘中。但使用AFL具有比较多的限制:
|
||||
|
||||
1. 本地运行被测程序,从而获取覆盖率等反馈信息
|
||||
2. 被测程序从基本输入输出获取数据
|
||||
|
||||
因此无法直接使用AFL对远程服务进行黑盒测试
|
||||
|
||||
## 现有工作
|
||||
|
||||
目前针对限制2已经有一些解决方案:
|
||||
|
||||
1. hook socket调用:利用 `preeny`库辅助;AFLplusplus
|
||||
1. https://www.cnblogs.com/hac425/p/9416917.html
|
||||
2. https://github.com/AFLplusplus/AFLplusplus/tree/stable/utils/socket_fuzzing
|
||||
2. 修改AFL传递数据的方式:AFLNet: A Greybox Fuzzer for Network Protocols,aflnet在AFL的基础上,将标准输入修改为网络发包的方式
|
||||
1. https://github.com/aflnet/aflnet
|
||||
2. https://www.comp.nus.edu.sg/~abhik/pdf/AFLNet-ICST20.pdf
|
||||
3. 修改网络程序接收数据的方式:bind9的代码中专门提供了用于Fuzz的部分。
|
||||
1. https://github.com/isc-projects/bind9/tree/main/fuzz
|
||||
4. 利用AFL Persistent Mode
|
||||
1. https://www.fastly.com/blog/how-fuzz-server-american-fuzzy-lop
|
||||
2. https://sensepost.com/blog/2017/fuzzing-apache-httpd-server-with-american-fuzzy-lop-%2B-persistent-mode/
|
||||
5. 利用辅助程序转发AFL的输入
|
||||
1. https://github.com/LyleMi/aflnw/blob/main/README.zh-cn.md
|
||||
|
||||
|
||||
但是如果无法将程序放在本地运行,比如物联网设备在拿不到固件的情况下,如何利用AFL的变异方式进行模糊测试。
|
||||
|
||||
## 黑盒方案
|
||||
|
||||
在aflnw的基础上,对辅助程序的工作方式进行了修改,从而实现在不对AFL和被测程序进行修改的条件下,使用一个辅助程序接收AFL从标准输入传递进来的数据,然后通过网络转发给UPnP服务,辅助程序会间隔性地与UPnP端口建立TCP连接,从而判断测试用例是否导致程序崩溃。
|
||||
|
||||
## 如何安装
|
||||
```
|
||||
git clone https://github.com/LyleMi/aflnw.gitcd aflnw
|
||||
export CC=/path/to/afl/afl-clang-fast
|
||||
mkdir build && cd build && cmake .. && make
|
||||
```
|
||||
|
||||
|
||||
|
||||
## 如何使用
|
||||
|
||||
1. 使用wireshark采集种子输入(Follow→TCP Stream,保存为raw文件)
|
||||
|
||||
2. 确定通信协议(udp/tcp)、服务端监控地址、服务端监控端口、socket本地绑定地址
|
||||
3. fuzz,以UPnP协议为例
|
||||
```
|
||||
afl-fuzz -t 1000+ -i ./soap_input/ -o ./soap_out/ -- ./build/aflnw -a 192.168.2.2 -p 5000 -m tcp
|
||||
afl-fuzz -t 2000+ -i ./ssdp_input/ -o ./ssdp_out/ -- ./build/aflnw -a 239.255.255.250 -p 1900 -m udp
|
||||
```
|
||||
|
||||
4. 崩溃重放
|
||||
```
|
||||
./build/aflnw -a 239.255.255.250 -p 1900 -m udp < soap_out/crashes/id:00000....
|
||||
./build/aflnw -a 192.168.2.2 -p 5000 -m tcp < ssdp_out/crashes/id:000000.....
|
||||
```
|
||||
|
||||
## 问题
|
||||
效率很低
|
||||
@ -7,12 +7,12 @@ comments: false
|
||||
|
||||
------
|
||||
## TL;DR
|
||||
- 🔭 Focus on IoT security and Android security.
|
||||
- 🌱 Learning VM escape.
|
||||
- 🔭 I’m currently focus on IoT security and Android security.
|
||||
- 🌱 I’m currently learning VM escape.
|
||||
- 📝 My blog: https://cool-y.github.io/
|
||||
- 🏫 Bachelor: Sichuan university; Master: Wuhan university
|
||||
- 📫 Hit me up: cool.yim@foxmail.com
|
||||
- ⚡ Fun fact: 'Fun Facts' Are Never Fun
|
||||
- ⚡ Fun fact: ‘Fun Facts’ Are Never Fun
|
||||
- 💬 Ask me about ...
|
||||
|
||||
------
|
||||
@ -23,7 +23,7 @@ comments: false
|
||||
### **Android Data-Clone Attack via Operating System Customization**
|
||||
**IEEE Access**, Song, Wenna, Ming Jiang, Han Yan, Yi Xiang, Yuan Chen, Yuan Luo, Kun He, and Guojun Peng.
|
||||
|
||||
### **App's Auto-Login Function Security Testing via Android OS-Level Virtualization**
|
||||
### **App’s Auto-Login Function Security Testing via Android OS-Level Virtualization**
|
||||
**ICSE'21**, Song, Wenna, Jiang Ming, Lin Jiang, Han Yan, Yi Xiang, Yuan Chen, Jianming Fu, and Guojun Peng.
|
||||
|
||||
-------
|
||||
@ -36,4 +36,4 @@ comments: false
|
||||
- PSV-2019-0164
|
||||
- CVE-2019-15843
|
||||
- PSV-2020-0211(extended)
|
||||
- CVE-2021-29379
|
||||
- CVE-2020-15893(extended)
|
||||
|
||||
@ -145,7 +145,7 @@ social:
|
||||
#YouTube: https://youtube.com/yourname || youtube
|
||||
Instagram: https://www.instagram.com/yan__han/ || instagram
|
||||
#Skype: skype:yourname?call|chat || skype
|
||||
# RSS: /atom.xml || fas fa-rss
|
||||
RSS: /atom.xml || fas fa-rss
|
||||
|
||||
social_icons:
|
||||
enable: true
|
||||
@ -549,8 +549,8 @@ rating:
|
||||
# You can visit https://leancloud.cn get AppID and AppKey.
|
||||
leancloud_visitors:
|
||||
enable: true
|
||||
app_id: CnxMogaLcXQrm9Q03lF8XH7j-gzGzoHsz
|
||||
app_key: EHqNuJ6AYvuHnY6bN6w2SMXl
|
||||
app_id: EWwoJgHNdlj6iBjiFlMcabUO-gzGzoHsz
|
||||
app_key: x8FxDrYG79C8YFrTww9ljo8K
|
||||
|
||||
# Another tool to show number of visitors to each article.
|
||||
# visit https://console.firebase.google.com/u/0/ to get apiKey and projectId
|
||||
|
||||
@ -62,8 +62,8 @@ get_font_family(config) {
|
||||
}
|
||||
|
||||
// Font families.
|
||||
//$font-family-chinese = "PingFang SC", "Microsoft YaHei"
|
||||
$font-family-chinese = "Noto Serif SC";
|
||||
$font-family-chinese = "PingFang SC", "Microsoft YaHei"
|
||||
|
||||
$font-family-base = $font-family-chinese, sans-serif
|
||||
$font-family-base = get_font_family('global'), $font-family-chinese, sans-serif if get_font_family('global')
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user