Help with running as server

googleprojectzero / Jackalope

Binary, coverage-guided fuzzer for Windows, macOS, Linux and Android

Apache License 2.0

1.1k stars 128 forks source link

Help with running as server #45

Closed HappyLongShort closed 1 year ago

HappyLongShort commented 1 year ago

No matter what i seem to try,cannot get Jackalope to work with server instance (fuzzer.exe -start_server 127.0.0.1:800 -out outdir ) and then connect the client (fuzzer.exe -server 127.0.0.1:8000 ...). Any example how to properly use server commands?

ifratric commented 1 year ago

It should work like than (I see in the example command lines on server you have port 800 and in one client port 8000 but I assume that's a typo in a bug report). Do you get any error messages on either client or server? What's the exact behavior you are experiencing?

HappyLongShort commented 1 year ago

Yes,sorry my bad.I meant port 8000 on both. This is on the same machine. For the server instance fuzzer.exe -start_server 127.0.0.1:8000 -out server_out_dir For the client instance fuzzer.exe -server 127.0.0.1:8000 -in in -out server_out_dir -t 1000 -delivery file -instrument_module test.dll -target_module example.exe -target_method fuzz -nargs 1 -iterations 1000 -persist -loop -cmp_coverage -- example.exe @@

I can see the port 8000 listening but it has 0 connections,and the samples are not saved at the server_samples dir but in the samples dir

ifratric commented 1 year ago

I just tried to reproduce and everything appears to be running normally for me. My commands

Server:

fuzzer.exe -start_server 127.0.0.1:8000 -out server_out

Client:

fuzzer.exe -in in -out out -t 1000 -delivery shmem -instrument_module test.exe -target_module test.exe -target_method fuzz -nargs 1 -iterations 10000 -persist -loop -cmp_coverage -server 127.0.0.1:8000 -- test.exe -m @@

Using the test binary provided with Jackalope and starting with a single input sample.

Note some server behavior that you might not expect

The client will not connect to the server until it finishes processing all files in the input corpus.
The client will not send any samples from the input corpus to the server. The server assumes all clients already have those. Thus, you'll see samples in the server's output directory only after the client discovers new samples not in corpus.

ifratric commented 1 year ago

Sorry, pressed send too soon, updated comment.

HappyLongShort commented 1 year ago

That makes sense.Thanks for the quick response.Will let the fuzzer go through all the samples first

ifratric commented 1 year ago

One other thing, you might want to avoid pointing both the client and the server to the same output directory. While that might work due to server using different file and directory names in the output, I don't have a high degree of confidence this is always the case.

HappyLongShort commented 1 year ago

Understood.Will it create state.dat in the client output dir?As that way would possible to resume fuzzing from the client dir with mupltiple threads

ifratric commented 1 year ago

Yes, both client and server will save state periodically in the output dir. That way you can resume both.

But even if you don't resume the client (and resume the server), the client should still be able to pick up the latest samples from the server.

HappyLongShort commented 1 year ago

Understood.Thank you so much for answering my questions