stephenfewer / grinder

Grinder is a system to automate the fuzzing of web browsers and the management of a large number of crashes.
BSD 3-Clause "New" or "Revised" License
415 stars 131 forks

Crashes not showing up on Grinder Server #41

Open Xploit3r opened 10 years ago

Xploit3r commented 10 years ago

On the grinder node: I got a crash for the browser.

Now, it posts the crash information to grinder server's status.php

I am able to see the crash data being sent in the HTTP POST request to the grinder server, and also a 200 OK response from it, as shown below:

POST /status.php HTTP/1.1
Accept: */*
User-Agent: Ruby
Content-Type: application/x-www-form-urlencoded
Connection: close
Host: xxx.xxx.xxx.xxx
Content-Length: 16957

key=xxxxxx&action=add_crash&time=2012-01-10+16%3A13%3A55&node=G1&browser=&hash_quick=xxxxxxxx&hash_full=xxxxxxxx&type=Read+Access+Violation&fuzzer=custom&crash_data=CkNh....&log_data=&verified=0

HTTP/1.1 200 OK
Date: Tue, 10 Jun 2014 10:43:56 GMT
Server: Apache/2.4.4 (Win32) PHP/5.4.16
X-Powered-By: PHP/5.4.16
Content-Length: 0
Connection: close
Content-Type: text/html

I have masked some information above.

Now, on grinder server: It does not report the crash on grinder server's web interface and does not show in crashes section either.

I checked the database table "crashes" using phpMyAdmin on the grinder server, and no crash-specific data had been inserted into the database either.

The only statistics being updated on the grinder server are that the node is active and number of test cases tested per minute.

I checked the add_crash function defined in status.php, and it should be inserting data into the crashes table when it receives the crash information from a grinder node:

function add_crash( $time, $node, $target, $hash_quick, $hash_full, $type, $fuzzer, $log_data, $crash_data, $verified )
{
......
$sql  = "INSERT INTO crashes ( time, node, target, hash, hash_quick, hash_full, type, fuzzer, count, log_data, crash_data, verified ) VALUES ";

$sql .= "( '" . $time . "', '" . $node . "', '" . $target . "', '" . $hash . "', '" . $hash_quick . "', '" . $hash_full . "', '" . $type . "', '" . $fuzzer . "', '1', '" . $log_data . "', '" . $crash_data . "', '" . $verified . "' );";

$result = mysql_query( $sql );

I am not sure why it is not inserting the data in the table.

Also, I can see that the grinder server responds with a 200 OK response code.

And in status.php, if there was an error in processing the request, it would return 404 Not Found:

if( $success )
    header( 'HTTP/1.0 200 OK' );
else
    header( 'HTTP/1.0 404 Not Found' );

There should not be an issue inserting data into the DB, because the "nodes" table does get updated.

Help would be appreciated.

Thanks.
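To narrow down a case like the one above (node sends add_crash, server answers 200 OK, nothing lands in the crashes table), it helps to decode the captured POST body and check the fields the handler relies on, and to see what the concatenated INSERT from status.php looks like for those values. The script below is an added example written for this page; it is not part of Grinder. The sample body is constructed from the captured request above with placeholder values, the column list is a simplified version of the one in add_crash, and `build_insert`, `check_add_crash` and the escaping helper are assumptions of this example, not the project's code.

```ruby
require 'uri'
require 'base64'

# Constructed sample, shaped like the captured POST body in the issue (placeholder values).
SAMPLE_BODY = 'key=xxxxxx&action=add_crash&time=2012-01-10+16%3A13%3A55&node=G1&browser=' \
              '&hash_quick=xxxxxxxx&hash_full=xxxxxxxx&type=Read+Access+Violation' \
              '&fuzzer=custom&crash_data=CkNh&log_data=&verified=0'

# Fields the add_crash path needs; "browser" is the form field that becomes $target.
REQUIRED = %w[key action time node browser hash_quick hash_full type fuzzer crash_data verified].freeze

# Decode an application/x-www-form-urlencoded body ('+' becomes space, %XX is decoded).
def parse_form(body)
  URI.decode_www_form(body).to_h
end

# Return a list of problems: missing or empty required fields, and crash_data/log_data
# that are present but not valid base64 (the node sends both base64-encoded).
def check_add_crash(params)
  problems = []
  REQUIRED.each do |k|
    if !params.key?(k)
      problems << "missing #{k}"
    elsif params[k].to_s.empty?
      problems << "empty #{k}"
    end
  end
  %w[crash_data log_data].each do |k|
    v = params[k].to_s
    next if v.empty?
    begin
      Base64.strict_decode64(v)
    rescue ArgumentError
      problems << "#{k} is not valid base64"
    end
  end
  problems
end

# Minimal escaping for a single-quoted SQL string literal (doubles the quote character).
# Assumed helper for this example; the PHP handler in the issue does no escaping.
def escape_sql_string(value)
  value.to_s.gsub("'", "''")
end

# Build the INSERT in the same shape as add_crash in status.php (simplified column list),
# either by raw concatenation (as the posted PHP does) or with escaped values.
def build_insert(params, escape: false)
  cols = %w[time node target hash_quick hash_full type fuzzer log_data crash_data verified]
  vals = [params['time'], params['node'], params['browser'], params['hash_quick'],
          params['hash_full'], params['type'], params['fuzzer'], params['log_data'],
          params['crash_data'], params['verified']]
  vals = vals.map { |v| escape_sql_string(v) } if escape
  "INSERT INTO crashes ( #{cols.join(', ')} ) VALUES ( " +
    vals.map { |v| "'#{v}'" }.join(', ') + ' );'
end

# An odd number of single quotes means the literal boundaries no longer line up,
# so the statement would fail to parse on the database side.
def balanced_quotes?(sql)
  sql.count("'").even?
end

if $PROGRAM_NAME == __FILE__
  params = parse_form(SAMPLE_BODY)
  puts "problems: #{check_add_crash(params).inspect}"
  puts build_insert(params, escape: true)
end
```

Running it against the captured body reports only `empty browser`, which is worth noticing because that value becomes `$target` in add_crash. The quote check matters because mysql_query returns false on a malformed statement without raising, so a value containing a single quote (for example in a crash type or decoded log line) would fail exactly the way described in the issue unless the handler checks `$result` before answering 200 OK.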

Xploit3r commented 10 years ago

The issue above occurred while fuzzing IE6. I just tested with IE8 and the crash details are being reported to the grinder server properly. I will recheck with IE6 to make sure that the issue is reproducible, and also whether this problem occurs with other browser versions as well.

wchen-r7 commented 10 years ago

Hmm, to be honest I'm not super sure why the data isn't being inserted. But have you noticed that the PHP code specifies "HTTP/1.0 200 OK", and you're getting "HTTP/1.1 200 OK"?

Look closer: HTTP/1.0 vs HTTP/1.1? The version number is different.

Are you sure the function add_crash was actually called?

mutfuzz commented 10 years ago

Does the logger actually log? I mean, do you see the XML log files get created in $logger_dir and grow in size?

Because I believe that Grinder does not support IE6 or IE7, since node/browser/internetexplorer.rb does not have the assembly code to patch any logging function (i.e. parseFloat()) for IE6.


stephenfewer commented 10 years ago

Hi @Xploit3r, were you able to resolve this issue? Like @mutfuzz mentioned, IE6/7 are not supported.