Fuzzing

Fuzzing

  • Scapy comes with a fuzz() function for Packet objects. It returns a fuzzed copy of the packet; the packet you pass in is left unchanged.

  • Every field that was not set explicitly is replaced with a random value generator (a volatile value). A fresh value is drawn every time the packet is built, so each call to bytes(), show2() or a send function yields a different frame, and the values printed below are just one draw. Fields whose default is None (auto-computed fields such as a length) are left alone, and only the layer passed to fuzz() and its payload layers are affected: in SignalHeader()/fuzz(testFrame()) the header keeps its fixed identifier and length.

Example

  • Define a custom Packet

from scapy.all import *
from scapy.layers.can import *

# Three signals packed into an 8-byte CAN payload: usig is a 9-bit unsigned
# little-endian value scaled by 2, ssig an 8-bit signed big-endian value
# scaled by 0.5, fsig a little-endian IEEE float starting at bit 32.
class testFrame(SignalPacket):
    fields_desc = [
        LEUnsignedSignalField("usig", 0, start=0, size=9, scaling=2),
        BESignedSignalField("ssig", 0, start=9, size=8, scaling=0.5),
        LEFloatSignalField("fsig", 0, start=32)]

# Dissect the payload of frames with CAN identifier 0x123 as testFrame
bind_layers(SignalHeader, testFrame, identifier=0x123)
  • Create a testFrame

pkt = SignalHeader()/testFrame(usig=2, ssig=4, fsig=8)
pkt.show2()
###[ SignalHeader ]###
  flags     = 
  identifier= 0x123
  length    = 8
  fd_flags  = 
  reserved  = 0
###[ testFrame ]###
     usig      = 2 
     ssig      = 4.0 
     fsig      = 8.0 
  • Create a testFrame and fuzz all fields

pkt = SignalHeader()/fuzz(testFrame())
pkt.show2()
###[ SignalHeader ]###
  flags     = 
  identifier= 0x123
  length    = 8
  fd_flags  = 
  reserved  = 0
###[ testFrame ]###
     usig      = 574 
     ssig      = 33.0 
     fsig      = 4.65307691375269e+21 
  • Create a testFrame and fuzz only specific fields

pkt = SignalHeader()/fuzz(testFrame(usig=2, ssig=4))
pkt.show2()
###[ SignalHeader ]###
  flags     = 
  identifier= 0x123
  length    = 8
  fd_flags  = 
  reserved  = 0
###[ testFrame ]###
     usig      = 2 
     ssig      = 4.0 
     fsig      = -1.8591836116190342e-36