Fuzzing

• Scapy comes with a fuzz function for Packet objects.

• Every not specified field of a packet will be replaced with a random value generator.

Example

• Define a custom Packet

from scapy.all import *
from scapy.layers.can import *

class testFrame(SignalPacket):
    fields_desc = [
        LEUnsignedSignalField("usig", 0, start=0, size=9, scaling=2),
        BESignedSignalField("ssig", 0, start=9, size=8,   scaling=0.5),
        LEFloatSignalField("fsig", 0, start=32)]
 
bind_layers(SignalHeader, testFrame, identifier=0x123)

• Create a testFrame

pkt = SignalHeader()/testFrame(usig=2, ssig=4, fsig=8)
pkt.show2()

###[ SignalHeader ]###
  flags     = 
  identifier= 0x123
  length    = 8
  fd_flags  = 
  reserved  = 0
###[ testFrame ]###
     usig      = 2 
     ssig      = 4.0 
     fsig      = 8.0 

• Create a testFrame and fuzz all fields

pkt = SignalHeader()/fuzz(testFrame())
pkt.show2()

###[ SignalHeader ]###
  flags     = 
  identifier= 0x123
  length    = 8
  fd_flags  = 
  reserved  = 0
###[ testFrame ]###
     usig      = 738 
     ssig      = -8.5 
     fsig      = -1.4592844763683388e-06 

• Create a testFrame and fuzz only specific fields

pkt = SignalHeader()/fuzz(testFrame(usig=2, ssig=4))
pkt.show2()

###[ SignalHeader ]###
  flags     = 
  identifier= 0x123
  length    = 8
  fd_flags  = 
  reserved  = 0
###[ testFrame ]###
     usig      = 2 
     ssig      = 4.0 
     fsig      = 1322069.875