kitty.model.low_level.mutated_field module¶
Fields to perform mutation fuzzing
In some cases, you might not know the details and structure of the fuzzed protocol (or might just be too lazy) but you do have some examples of valid messages. In these cases, it makes sense to perform mutation fuzzing. The strategy of mutation fuzzing is to take some valid messages and mutate them in various ways. Kitty supports the following strategies described below. The last one, MutableField, combines all strategies, with reasonable parameters, together.
Currently all strategies are inspired by this article: http://lcamtuf.blogspot.com/2014/08/binary-fuzzing-strategies-what-works.html
-
class
kitty.model.low_level.mutated_field.
BitFlip
(value, num_bits=1, fuzzable=True, name=None)[source]¶ Bases:
kitty.model.low_level.field.BaseField
Perform bit-flip mutations of N sequential bits on the value
Example: BitFlip('\x01', 3) Results in: '\xe1', '\x71', '\x39', '\x1d', '\x0f', '\x06'
-
__init__
(value, num_bits=1, fuzzable=True, name=None)[source]¶ Parameters: - value – value to mutate (str)
- num_bits – number of consequtive bits to flip (invert)
- fuzzable – is field fuzzable (default: True)
- name – name of the object (default: None)
Raises: KittyException
if num_bits is bigger than the value length in bitsRaises: KittyException
if num_bits is not positive
-
-
class
kitty.model.low_level.mutated_field.
BitFlips
(value, bits_range=[1, 2, 3, 4], fuzzable=True, name=None)[source]¶ Bases:
kitty.model.low_level.container.OneOf
Perform bit-flip mutations of (N..) sequential bits on the value
-
__init__
(value, bits_range=[1, 2, 3, 4], fuzzable=True, name=None)[source]¶ Parameters: - value (str) – value to mutate
- bits_range – range of number of consequtive bits to flip (default: range(1, 5))
- fuzzable – is field fuzzable (default: True)
- name – name of the object (default: None)
Example: BitFlips('\x00', (3, 5)) Results in: '\xe0', '\x70', '\x38', '\x1c', '\x0e', '\x07' - 3 bits flipped each time '\xf8', '\x7c', '\x3e', '\x1f' - 5 bits flipped each time
-
-
class
kitty.model.low_level.mutated_field.
BlockDuplicate
(value, block_size, num_dups=2, fuzzable=True, name=None)[source]¶ Bases:
kitty.model.low_level.mutated_field.BlockOperation
Duplicate a block of bytes from the default value, each mutation moving one byte forward.
-
__init__
(value, block_size, num_dups=2, fuzzable=True, name=None)[source]¶ Parameters: - value (str) – value to mutate
- block_size – number of consequtive bytes to duplicate
- num_dups – number of times to duplicate the block (default: 1)
- fuzzable – is field fuzzable (default: True)
- name – name of the object (default: None)
Raises: KittyException
if block_size is bigger than the value length in bytesRaises: KittyException
if block_size is not positive
-
-
class
kitty.model.low_level.mutated_field.
BlockDuplicates
(value, block_size, num_dups_range=(2, 5, 10, 50, 200), fuzzable=True, name=None)[source]¶ Bases:
kitty.model.low_level.container.OneOf
Perform block duplication with multiple number of duplications
-
class
kitty.model.low_level.mutated_field.
BlockOperation
(value, block_size, fuzzable=True, name=None)[source]¶ Bases:
kitty.model.low_level.field.BaseField
Base class for performing block-level mutations
-
__init__
(value, block_size, fuzzable=True, name=None)[source]¶ Parameters: - value (str) – value to mutate
- block_size – number of consequtive bytes to operate on
- fuzzable – is field fuzzable (default: True)
- name – name of the object (default: None)
Raises: KittyException
if block_size is bigger than the value length in bytesRaises: KittyException
if block_size is not positive
-
-
class
kitty.model.low_level.mutated_field.
BlockRemove
(value, block_size, fuzzable=True, name=None)[source]¶ Bases:
kitty.model.low_level.mutated_field.BlockOperation
Remove a block of bytes from the default value, each mutation moving one byte forward.
-
__init__
(value, block_size, fuzzable=True, name=None)[source]¶ Parameters: - value (str) – value to mutate
- block_size – number of consequtive bytes to remove
- fuzzable – is field fuzzable (default: True)
- name – name of the object (default: None)
Raises: KittyException
if block_size is bigger than the value length in bytesRaises: KittyException
if block_size is not positive
-
-
class
kitty.model.low_level.mutated_field.
BlockSet
(value, block_size, set_chr, fuzzable=True, name=None)[source]¶ Bases:
kitty.model.low_level.mutated_field.BlockOperation
Set a block of bytes from the default value to a specific value, each mutation moving one byte forward.
-
__init__
(value, block_size, set_chr, fuzzable=True, name=None)[source]¶ Parameters: - value (str) – value to mutate
- block_size – number of consequtive bytes to duplicate
- set_chr – char to set in the blocks
- fuzzable – is field fuzzable (default: True)
- name – name of the object (default: None)
Raises: KittyException
if block_size is bigger than the value length in bytesRaises: KittyException
if block_size is not positive
-
-
class
kitty.model.low_level.mutated_field.
ByteFlip
(value, num_bytes=1, fuzzable=True, name=None)[source]¶ Bases:
kitty.model.low_level.field.BaseField
Flip number of sequential bytes in the message, each mutation moving one byte forward.
Example: ByteFlip('\x00\x00\x00\x00', 2) # results in: '\xff\xff\x00\x00' '\x00\xff\xff\x00' '\x00\x00\xff\xff'
-
__init__
(value, num_bytes=1, fuzzable=True, name=None)[source]¶ Parameters: - value (str) – value to mutate
- num_bytes – number of consequtive bytes to flip (invert)
- fuzzable – is field fuzzable (default: True)
- name – name of the object (default: None)
Raises: KittyException
if num_bytes is bigger than the value lengthRaises: KittyException
if num_bytes is not positive
-
-
class
kitty.model.low_level.mutated_field.
ByteFlips
(value, bytes_range=(1, 2, 4), fuzzable=True, name=None)[source]¶ Bases:
kitty.model.low_level.container.OneOf
Perform byte-flip mutations of (N..) sequential bytes on the value
-
__init__
(value, bytes_range=(1, 2, 4), fuzzable=True, name=None)[source]¶ Parameters: - value (str) – value to mutate
- bytes_range – range of number of consequtive bytes to flip (default: (1, 2, 4))
- fuzzable – is field fuzzable (default: True)
- name – name of the object (default: None)
Example: ByteFlips('\x00\x00\x00\x00', (2,3)) Results in: '\xff\xff\x00\x00', '\x00\xff\xff\x00', '\x00\x00\xff\xff' # 2 bytes flipped each time '\xff\xff\xff\x00', '\x00\xff\xff\xff' # 3 bytes flipped each time
-
-
class
kitty.model.low_level.mutated_field.
MutableField
(value, encoder=<kitty.model.low_level.encoder.ByteAlignedBitsEncoder object>, fuzzable=True, name=None)[source]¶ Bases:
kitty.model.low_level.container.OneOf
Container to perform mutation fuzzing on a value ByteFlips, BitFlips and block operations
-
__init__
(value, encoder=<kitty.model.low_level.encoder.ByteAlignedBitsEncoder object>, fuzzable=True, name=None)[source]¶ Parameters: - value (str) – value to mutate
- encoder (BitsEncoder) – encoder for the container (default: ENC_BITS_BYTE_ALIGNED)
- fuzzable – is fuzzable (default: True)
- name – (unique) name of the template (default: None)
-