I need to fuzz an interactive binary (for which I do not have the source code) compiled for a MIPS architecture. It is a login console and I'd like to fuzz the interactive text provided by the user (i.e. the console asks for a username, the user types it in, the console asks for a password, the user provides it; I want to fuzz username and password). Is there any tool that helps me do that? Furthermore, the tool should be able to fuzz via qemu or something similar, since I am not using a MIPS machine to do so.

sowdust

1 Answer

AFL can perform qemu user-mode fuzzing. It is capable of providing the input to the executable on standard in, so it can handle most interactive programs. However, if your login binary is using special ioctls to directly access the terminal, you may still need to do some work to begin fuzzing it. In that case, I'd suggest building an LD_PRELOAD shim to transform the terminal-specific ioctls into raw read operations from stdin.

David
  • Thanks very much for the answer. Besides some problems I am having with qemu mode on afl which I will try to resolve a bit more before asking, it is still not very clear to me how I can tell the fuzzer exactly when it should fuzz the input. For example I have a login console which is first launched, and after that it reads the username from user input from stdin using scanf() and then the password with the same mechanism. Let's say I want to fuzz the username field: how can I do it with afl? – sowdust Jan 15 '18 at 20:19
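The LD_PRELOAD shim the answer suggests, written out as an added example (not David's code and not part of the original thread): it answers terminal ioctls on stdin from a fake termios and passes every other request to the kernel, so a console that insists on a tty keeps reading the fuzzer-supplied stdin. Assumptions: a Linux target, the shim cross-compiled for MIPS as a shared object (gcc -shared -fPIC) and set for the guest with qemu-user's QEMU_SET_ENV=LD_PRELOAD=...; AFL still replaces the whole of stdin and mutates the whole file, so a seed of `admin\npassword\n` feeds both prompts and both lines get fuzzed together.

```c
/* Added example (not the answer author's code): LD_PRELOAD shim that answers
 * terminal ioctls on stdin with canned results, so a login binary that insists
 * on a tty keeps reading from fuzzer-supplied stdin. Assumes a Linux target. */
#include <stdarg.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/syscall.h>
#include <termios.h>
#include <unistd.h>

static struct termios fake_tty;    /* constructed terminal state for stdin */
static int fake_tty_ready;
/* Returns 1 and sets *result when the request is a terminal ioctl on stdin
 * that we fake, 0 when it must go to the kernel unchanged. */
int shim_handle_ioctl(int fd, unsigned long req, void *arg, int *result)
{
    if (fd != STDIN_FILENO) return 0;  /* never touch other descriptors */
    if (!fake_tty_ready) {             /* looks like a line-mode tty */
        memset(&fake_tty, 0, sizeof fake_tty);
        fake_tty.c_lflag = ICANON | ECHO;
        fake_tty.c_cc[VMIN] = 1;
        fake_tty_ready = 1;
    }
    switch (req) {
    case TCGETS:                       /* tcgetattr(): hand back our copy */
        if (arg) memcpy(arg, &fake_tty, sizeof fake_tty);
        *result = 0; return 1;
    case TCSETS: case TCSETSW: case TCSETSF:  /* tcsetattr(): e.g. echo off */
        if (arg) memcpy(&fake_tty, arg, sizeof fake_tty);
        *result = 0; return 1;
    case TIOCGWINSZ:                   /* window size: pretend 80x24 */
        if (arg) { struct winsize *ws = arg; ws->ws_row = 24; ws->ws_col = 80; }
        *result = 0; return 1;
    default:
        return 0;
    }
}
/* LD_PRELOAD binds the target's ioctl() calls here. Unhandled requests go to
 * the raw syscall, so no dlsym(RTLD_NEXT) is needed. libc's own isatty() and
 * tcgetattr() bypass this symbol; interpose them too if the binary uses them. */
int ioctl(int fd, unsigned long req, ...)
{
    va_list ap; int result;
    va_start(ap, req);
    void *arg = va_arg(ap, void *);
    va_end(ap);
    if (shim_handle_ioctl(fd, req, arg, &result)) return result;
    return (int)syscall(SYS_ioctl, fd, req, arg);
}
```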