sulley.sessions.session

Package sulley :: Module sessions :: Class session

[show private | hide private]

Type session

object --+    
         |    
     graph --+
             |
            session

Method Summary
	`__init__(self, session_filename, skip, sleep_time, log_level, proto, restart_interval, timeout, web_port, crash_threshold)` Extends pgraph.graph and provides a container for architecting protocol dialogs.
	`add_node(self, node)` Add a pgraph node to the graph.
	`add_target(self, target)` Add a target to the session.
pgraph.edge	`connect(self, src, dst, callback)` Create a connection between the two requests (nodes) and register an optional callback to process in between transmissions of the source and destination request.
	`export_file(self)` Dump various object values to disk.
	`fuzz(self, this_node, path)` Call this routine to get the ball rolling.
	`import_file(self)` Load varous object values from disk.
	`log(self, msg, level)` If the supplied message falls under the current log level, print the specified message to screen.
Integer	`num_mutations(self, this_node, path)` Number of total mutations in the graph.
	`pause(self)` If thet pause flag is raised, enter an endless loop until it is lowered.
	`poll_pedrpc(self, target)` Poll the PED-RPC endpoints (netmon, procmon etc...) for the target.
	`post_send(self, sock)` Overload or replace this routine to specify actions to run prior to each fuzz request.
	`pre_send(self, sock)` Overload or replace this routine to specify actions to run affter to each fuzz request.
	`restart_target(self, target, stop_first)` Restart the fuzz target.
	`server_init(self)` Called by fuzz() on first run (not on recursive re-entry) to initialize variables, web interface, etc...
	`transmit(self, sock, node, edge, target)` Render and transmit a node, process callbacks accordingly.
Inherited from graph
	`add_cluster(self, cluster)` Add a pgraph cluster to the graph.
	`add_edge(self, edge, prevent_dups)` Add a pgraph edge to the graph.
	`add_graph(self, other_graph)` Alias of graph_cat().
	`del_cluster(self, id)` Remove a cluster from the graph.
	`del_edge(self, id, src, dst)` Remove an edge from the graph.
	`del_graph(self, other_graph)` Alias of graph_sub().
	`del_node(self, id)` Remove a node from the graph.
List	`edges_from(self, id)` Enumerate the edges from the specified node.
List	`edges_to(self, id)` Enumerate the edges to the specified node.
Mixed	`find_cluster(self, attribute, value)` Find and return the cluster with the specified attribute / value pair.
Mixed	`find_cluster_by_node(self, attribute, value)` Find and return the cluster that contains the node with the specified attribute / value pair.
Mixed	`find_edge(self, attribute, value)` Find and return the edge with the specified attribute / value pair.
Mixed	`find_node(self, attribute, value)` Find and return the node with the specified attribute / value pair.
	`graph_cat(self, other_graph)` Concatenate the other graph into the current one.
pgraph.graph	`graph_down(self, from_node_id, max_depth)` Create a new graph, looking down, from the specified node id to the specified depth.
	`graph_intersect(self, other_graph)` Remove all elements from the current graph that do not exist in the other graph.
pgraph.graph	`graph_proximity(self, center_node_id, max_depth_up, max_depth_down)` Create a proximity graph centered around the specified node.
	`graph_sub(self, other_graph)` Remove the elements shared between the current graph and other graph from the current graph.
pgraph.graph	`graph_up(self, from_node_id, max_depth)` Create a new graph, looking up, from the specified node id to the specified depth.
String	`render_graph_gml(self)` Render the GML graph description.
pydot.Dot	`render_graph_graphviz(self)` Render the graphviz graph structure.
String	`render_graph_udraw(self)` Render the uDraw graph description.
String	`render_graph_udraw_update(self)` Render the uDraw graph update description.
List	`sorted_nodes(self)` Return a list of the nodes within the graph, sorted by id.
	`update_node_id(self, current_id, new_id)` Simply updating the id attribute of a node will sever the edges to / from the given node.
Inherited from object
	`__delattr__(...)` x.__delattr__('name') <==> del x.name
	`__getattribute__(...)` x.__getattribute__('name') <==> x.name
	`__hash__(x)` x.__hash__() <==> hash(x)
	`__new__(T, S, ...)` T.__new__(S, ...) -> a new object with type S, a subtype of T
	`__reduce__(...)` helper for pickle
	`__reduce_ex__(...)` helper for pickle
	`__repr__(x)` x.__repr__() <==> repr(x)
	`__setattr__(...)` x.__setattr__('name', value) <==> x.name = value
	`__str__(x)` x.__str__() <==> str(x)

Class Variable Summary
Inherited from graph
`list`	`clusters` = `[]`
`dict`	`edges` = `{}`
`NoneType`	`id` = None
`dict`	`nodes` = `{}`

Method Details

init(self, session_filename=None, skip=0, sleep_time=1.0, log_level=2, proto='tcp', restart_interval=0, timeout=5.0, web_port=26000, crash_threshold=3)
(Constructor)

Extends pgraph.graph and provides a container for architecting protocol dialogs.

Parameters:: session_filename
(type=String); skip
(type=Integer); sleep_time
(type=Float); log_level
(type=Integer); proto
(type=String); restart_interval
(type=Integer @kwarg restart_interval (Optional, def=0) Restart the target after n test cases, disable by setting to 0); timeout
(type=Float); crash_threshold
(type=Integer @kwarg crash_threshold (Optional, def=3) Maximum number of crashes allowed before a node is exhaust)

Keyword Parameters:: session_filename - (Optional, def=None) Filename to serialize persistant data to; skip - (Optional, def=0) Number of test cases to skip; sleep_time - (Optional, def=1.0) Time to sleep in between tests; log_level - (Optional, def=2) Set the log level, higher number == more log messages; proto - (Optional, def="tcp") Communication protocol; timeout - (Optional, def=5.0) Seconds to wait for a send/recv prior to timing out

Overrides:: sulley.pgraph.graph.graph.__init__

add_node(self, node)

Add a pgraph node to the graph. We overload this routine to automatically generate and assign an ID whenever a node is added.

Parameters:: node - Node to add to session graph
(type=pGRAPH Node)

Overrides:: sulley.pgraph.graph.graph.add_node

add_target(self, target)

Add a target to the session. Multiple targets can be added for parallel fuzzing.

Parameters:: target - Target to add to session
(type=session.target)

connect(self, src, dst=None, callback=None)

Create a connection between the two requests (nodes) and register an optional callback to process in between transmissions of the source and destination request. Leverage this functionality to handle situations such as challenge response systems. The session class maintains a top level node that all initial requests must be connected to. Example:

   sess = sessions.session()
   sess.connect(sess.root, s_get("HTTP"))

If given only a single parameter, sess.connect() will default to attaching the supplied node to the root node. This is a convenient alias and is identical to the second line from the above example:

   sess.connect(s_get("HTTP"))

If you register callback method, it must follow this prototype:

   def callback(session, node, edge, sock)

Where node is the node about to be sent, edge is the last edge along the current fuzz path to "node", session is a pointer to the session instance which is useful for snagging data such as sesson.last_recv which contains the data returned from the last socket transmission and sock is the live socket. A callback is also useful in situations where, for example, the size of the next packet is specified in the first packet. As another example, if you need to fill in the dynamic IP address of the target register a callback that snags the IP from sock.getpeername()[0].

Parameters:: src - Source request name or request node
(type=String or Request (Node)); dst - Destination request name or request node
(type=String or Request (Node)); callback - (Optional, def=None) Callback function to pass received data to between node xmits
(type=Function)

Returns:: The edge between the src and dst.
(type=pgraph.edge)

export_file(self)

Dump various object values to disk.

: See Also: import_file()

fuzz(self, this_node=None, path=[])

Call this routine to get the ball rolling. No arguments are necessary as they are both utilized internally during the recursive traversal of the session graph.

Parameters:: this_node - (Optional, def=None) Current node that is being fuzzed.
(type=request (node)); path - (Optional, def=[]) Nodes along the path to the current one being fuzzed.
(type=List)

import_file(self)

Load varous object values from disk.

: See Also: export_file()

log(self, msg, level=1)

If the supplied message falls under the current log level, print the specified message to screen.

Parameters:: msg - Message to log
(type=String)

num_mutations(self, this_node=None, path=[])

Number of total mutations in the graph. The logic of this routine is identical to that of fuzz(). See fuzz() for inline comments. The member varialbe self.total_num_mutations is updated appropriately by this routine.

Parameters:: this_node - (Optional, def=None) Current node that is being fuzzed.
(type=request (node)); path - (Optional, def=[]) Nodes along the path to the current one being fuzzed.
(type=List)

Returns:: Total number of mutations in this session.
(type=Integer)

pause(self)

If thet pause flag is raised, enter an endless loop until it is lowered.

poll_pedrpc(self, target)

Poll the PED-RPC endpoints (netmon, procmon etc...) for the target.

Parameters:: target - Session target whose PED-RPC services we are polling
(type=session.target)

post_send(self, sock)

Overload or replace this routine to specify actions to run prior to each fuzz request. The order of events is as follows:

   pre_send() - req - callback ... req - callback - post_send()

When fuzzing RPC for example, register this method to establish the RPC bind.

Parameters:: sock - Connected socket to target
(type=Socket)

See Also: pre_send()

pre_send(self, sock)

Overload or replace this routine to specify actions to run affter to each fuzz request. The order of events is as follows:

   pre_send() - req - callback ... req - callback - post_send()

When fuzzing RPC for example, register this method to tear down the RPC request.

Parameters:: sock - Connected socket to target
(type=Socket)

See Also: pre_send()

restart_target(self, target, stop_first=True)

Restart the fuzz target. If a VMControl is available revert the snapshot, if a process monitor is available restart the target process. Otherwise, do nothing.

Parameters:: target - Target we are restarting
(type=session.target)

server_init(self)

Called by fuzz() on first run (not on recursive re-entry) to initialize variables, web interface, etc...

transmit(self, sock, node, edge, target)

Render and transmit a node, process callbacks accordingly.

Parameters:: sock - Socket to transmit node on
(type=Socket); node - Request/Node to transmit
(type=Request (Node)); edge - Edge along the current fuzz path from "node" to next node.
(type=Connection (pgraph.edge)); target - Target we are transmitting to
(type=session.target)

Generated by Epydoc 2.1 on Fri Jul 27 17:40:03 2007

http://epydoc.sf.net