jtpereyda / boofuzz

A fork and successor of the Sulley Fuzzing Framework
GNU General Public License v2.0

The callback cannot capture the response when fuzzing HTTP, because boofuzz sends TCP-FIN before the response. #673

Closed cuilu414 closed 1 year ago

cuilu414 commented 1 year ago

Report

The callback cannot capture the response when fuzzing HTTP. Code:

from boofuzz import s_get  # the Session and the "Request" definition are not shown in the report

def recv_response(target, fuzz_data_logger, session, test_case_context, *args, **kwargs):
    # Registered as the callback of session.connect(); called before the fuzzed request is transmitted
    response = target.recv(1024)
    print(response)
    print(session.last_recv)

session.connect(s_get("Request"), callback=recv_response)
session.fuzz()

Result is None (screenshot). The Wireshark capture (screenshot) shows boofuzz sending TCP-FIN before the response.

Expected behavior

boofuzz should send TCP-FIN after receiving the response.

Actual behavior

No response

Steps to reproduce the problem

1. See report.

boofuzz script

No response

boofuzz version

0.4.1

Python version

3.10

Platform

Windows

Anything else?

No response

SR4ven commented 1 year ago

Hi @cuilu414, did you set receive_data_after_fuzz in your Session? It will trigger a receive after sending a fuzzed message and save it to session.last_recv, which you can then access in the callback.

Check https://boofuzz.readthedocs.io/en/stable/source/Session.html for a brief description of the available parameters.

cq674350529 commented 1 year ago

@cuilu414 As to your case, I think this is the expected behaviour. The callback function is used to modify the data in the node to be sent, with extra support; it is not meant to receive the response from the socket.

According to the following code, the callback function will be called before self.transmit_fuzz(), which is used to send the mutated data. If you try to call target.recv(1024) in the callback, since boofuzz hasn't sent data to your target yet, you will get no response, of course.

https://github.com/jtpereyda/boofuzz/blob/69061ef30085aabaa46f56a6cb4b2b17140c9840/boofuzz/sessions.py#L1766-L1781

As @SR4ven suggested above, the right way to receive the response from the socket is to set extra parameters in your Session, like receive_data_after_fuzz=True. Then you can access the last response in your custom callback via session.last_recv.

https://github.com/jtpereyda/boofuzz/blob/69061ef30085aabaa46f56a6cb4b2b17140c9840/boofuzz/sessions.py#L1204-L1228

If receive_data_after_fuzz is False and reuse_target_connection is False, then after calling socket.send() it will close the socket by calling close(). That's why you see "boofuzz sent TCP-FIN before receiving the response".

Hope it helps.
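To make the ordering in SR4ven's and cq674350529's answers concrete, here is an added, self-contained illustration (not boofuzz code and not from the thread): a throwaway local HTTP target plus a client function, fuzz_send(), whose flag receive_data_after_fuzz mirrors the boofuzz Session parameter of the same name. With the flag off, the client sends and immediately closes, so the FIN goes out before the reply is ever read and the equivalent of session.last_recv stays empty; with it on, the reply is read first and a post-send callback sees it. The server, port handling and the callback signature are this example's own assumptions.

```python
"""Added example: reproduce the send / receive / close ordering discussed in
the issue with only the standard library. The HTTP target and fuzz_send() are
constructed stand-ins for the fuzzed service and boofuzz's transmit sequence."""
import http.server
import socket
import threading


class _QuietHandler(http.server.BaseHTTPRequestHandler):
    """Minimal HTTP target: answers every GET with a small 200 reply (HTTP/1.0,
    so the server closes the connection after responding)."""

    def do_GET(self):
        body = b"ok"
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # keep the demo output clean


class _QuietServer(http.server.HTTPServer):
    def handle_error(self, request, client_address):
        # When the client has already sent FIN, writing the reply may raise
        # (broken pipe / reset); that is expected in the "no receive" case.
        pass


def start_target():
    """Start the constructed HTTP target on an ephemeral port; returns (server, port)."""
    server = _QuietServer(("127.0.0.1", 0), _QuietHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def fuzz_send(port, payload, receive_data_after_fuzz, callback=None, timeout=2.0):
    """Mirror the sequence described in the thread for reuse_target_connection=False:
    connect, send the (fuzzed) request, optionally receive, then close.
    Returns the bytes received, the analogue of session.last_recv."""
    last_recv = b""
    with socket.create_connection(("127.0.0.1", port), timeout=timeout) as sock:
        sock.sendall(payload)
        if receive_data_after_fuzz:
            # Read until the peer closes (HTTP/1.0 target) or the timeout fires.
            while True:
                try:
                    chunk = sock.recv(1024)
                except socket.timeout:
                    break
                if not chunk:
                    break
                last_recv += chunk
        # Leaving the 'with' block closes the socket: this is where the FIN goes out.
    if callback is not None:
        callback(last_recv)  # post-send hook; sees the data like session.last_recv
    return last_recv


REQUEST = b"GET / HTTP/1.0\r\nHost: target\r\n\r\n"  # constructed sample request


if __name__ == "__main__":
    server, port = start_target()
    print("receive_data_after_fuzz=False ->", fuzz_send(port, REQUEST, False))
    print("receive_data_after_fuzz=True  ->",
          fuzz_send(port, REQUEST, True, callback=lambda data: print("callback saw", data)))
    server.shutdown()
```

The same principle applies when fuzzing a real target with boofuzz: anything a callback needs from the wire has to be read before the connection is torn down, and the Session parameter is what makes that read happen.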

cuilu414 commented 1 year ago

> Hi @cuilu414, did you set receive_data_after_fuzz in your Session? It will trigger a receive after sending a fuzzed message and save it to session.last_recv, which you can then access in the callback.
>
> Check https://boofuzz.readthedocs.io/en/stable/source/Session.html for a brief description of the available parameters.

Thanks, receive_data_after_fuzz works!!!

cuilu414 commented 1 year ago

> @cuilu414 As to your case, I think this is the expected behaviour. The callback function is used to modify the data in the node to be sent, with extra support; it is not meant to receive the response from the socket.
>
> According to the following code, the callback function will be called before self.transmit_fuzz(), which is used to send the mutated data. If you try to call target.recv(1024) in the callback, since boofuzz hasn't sent data to your target yet, you will get no response, of course.
>
> https://github.com/jtpereyda/boofuzz/blob/69061ef30085aabaa46f56a6cb4b2b17140c9840/boofuzz/sessions.py#L1766-L1781
>
> As @SR4ven suggested above, the right way to receive the response from the socket is to set extra parameters in your Session, like receive_data_after_fuzz=True. Then you can access the last response in your custom callback via session.last_recv.
>
> https://github.com/jtpereyda/boofuzz/blob/69061ef30085aabaa46f56a6cb4b2b17140c9840/boofuzz/sessions.py#L1204-L1228
>
> If receive_data_after_fuzz is False and reuse_target_connection is False, then after calling socket.send() it will close the socket by calling close(). That's why you see "boofuzz sent TCP-FIN before receiving the response".
>
> Hope it helps.

Thanks, receive_data_after_fuzz works!!!

cuilu414 commented 1 year ago

Setting receive_data_after_fuzz to True and using session.last_recv captures the response.