From efd6fdb0e24532de757fc90a8d3ae984b7170c51 Mon Sep 17 00:00:00 2001 From: Aldo Cortesi Date: Sun, 26 Oct 2014 17:13:25 +1300 Subject: [PATCH] Start a fuzzing architecture for mitmproxy --- libmproxy/dump.py | 11 +++++++---- libmproxy/proxy/server.py | 2 +- test/fuzzing/.env | 6 ++++++ test/fuzzing/README | 14 ++++++++++++++ test/fuzzing/client_patterns | 4 ++++ test/fuzzing/go_proxy | 15 +++++++++++---- test/fuzzing/reverse_patterns | 9 +++++++++ test/fuzzing/straight_stream | 4 ++++ test/fuzzing/straight_stream_patterns | 5 +++++ 9 files changed, 61 insertions(+), 9 deletions(-) create mode 100644 test/fuzzing/.env create mode 100644 test/fuzzing/README create mode 100644 test/fuzzing/client_patterns create mode 100644 test/fuzzing/reverse_patterns create mode 100644 test/fuzzing/straight_stream create mode 100644 test/fuzzing/straight_stream_patterns diff --git a/libmproxy/dump.py b/libmproxy/dump.py index ccb2b5b54..9fb0f0017 100644 --- a/libmproxy/dump.py +++ b/libmproxy/dump.py @@ -1,10 +1,13 @@ from __future__ import absolute_import -import sys, os +import sys +import os import netlib.utils from . import flow, filt, utils from .protocol import http -class DumpError(Exception): pass + +class DumpError(Exception): + pass class Options(object): @@ -37,6 +40,7 @@ class Options(object): "replay_ignore_content", "replay_ignore_params", ] + def __init__(self, **kwargs): for k, v in kwargs.items(): setattr(self, k, v) @@ -71,7 +75,7 @@ class DumpMaster(flow.FlowMaster): self.anticache = options.anticache self.anticomp = options.anticomp self.showhost = options.showhost - self.replay_ignore_params = options.replay_ignore_params + self.replay_ignore_params = options.replay_ignore_params self.replay_ignore_content = options.replay_ignore_content self.refresh_server_playback = options.refresh_server_playback 
@@ -88,7 +92,6 @@ class DumpMaster(flow.FlowMaster): if options.stickyauth: self.set_stickyauth(options.stickyauth) - if options.wfile: path = os.path.expanduser(options.wfile) try: diff --git a/libmproxy/proxy/server.py b/libmproxy/proxy/server.py index fdf6405ae..613662c36 100644 --- a/libmproxy/proxy/server.py +++ b/libmproxy/proxy/server.py @@ -275,4 +275,4 @@ class ConnectionHandler: # make dang sure it doesn't happen. except: # pragma: no cover import traceback - self.log("Error in handle_sni:\r\n" + traceback.format_exc(), "error") \ No newline at end of file + self.log("Error in handle_sni:\r\n" + traceback.format_exc(), "error") diff --git a/test/fuzzing/.env b/test/fuzzing/.env new file mode 100644 index 000000000..e2cf7829e --- /dev/null +++ b/test/fuzzing/.env @@ -0,0 +1,6 @@ + +MITMDUMP=../../mitmdump +PATHOD=../../../pathod/pathod +PATHOC=../../../pathod/pathoc +FUZZ_SETTINGS=-remTt 1 -n 0 -I 200,400,405,502 + diff --git a/test/fuzzing/README b/test/fuzzing/README new file mode 100644 index 000000000..2760506fc --- /dev/null +++ b/test/fuzzing/README @@ -0,0 +1,14 @@ + +A fuzzing architecture for mitmproxy +==================================== + +Quick start: + + honcho -f ./straight_stream start + + +Notes: + + - Processes are managed using honcho (pip install honcho) + - Paths and common settings live in .env + diff --git a/test/fuzzing/client_patterns b/test/fuzzing/client_patterns new file mode 100644 index 000000000..83457b6f3 --- /dev/null +++ b/test/fuzzing/client_patterns @@ -0,0 +1,4 @@ +get:'http://localhost:9999/p/200':ir,"\n" +get:'http://localhost:9999/p/200':ir,"\0" +get:'http://localhost:9999/p/200':ir,@5 +get:'http://localhost:9999/p/200':dr diff --git a/test/fuzzing/go_proxy b/test/fuzzing/go_proxy index c9b6aef68..ea29400f7 100755 --- a/test/fuzzing/go_proxy +++ b/test/fuzzing/go_proxy 
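Review bot: The `FUZZ_SETTINGS=-remTt 1 -n 0 -I 200,400,405,502` line bundles six pathoc switches with nothing saying what each does or why those four status codes are excluded, and it is the single place every harness file picks its settings up from. A comment line above it, if the `.env` loader tolerates `#` lines, along the lines of `# pathoc flags: -I <codes> = response codes treated as expected and not reported; see pathoc --help for the rest` would make the harness self-describing. The three tool paths are also relative to the working directory rather than to this file, which the README's `honcho -f ./straight_stream start` implies but never states.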
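Review bot: Nothing in this patch consumes `client_patterns`: the only Procfile added, `straight_stream`, feeds pathoc `./straight_stream_patterns`, and `go_proxy` carries its specs inline. The same applies to `reverse_patterns` later in the patch. Unless a harness file outside this change reads them, either a honcho file that runs them (mirroring `straight_stream`) or a line in the README naming the pathoc invocation they are meant for would keep these pattern sets from going stale.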
@@ -3,20 +3,27 @@ # mitmproxy/mitmdump is running on port 8080 in straight proxy mode. # pathod is running on port 9999 -BASE_HTTP="/Users/aldo/git/public/pathod/pathoc -Tt 1 -eo -I 200,400,405,502 -p 8080 localhost " +BASE="../../../" +BASE_HTTP=$BASE"/pathod/pathoc -Tt 1 -e -I 200,400,405,502 -p 8080 localhost " +BASE_HTTPS=$BASE"/pathod/pathoc -sc localhost:9999 -Tt 1 -eo -I 200,400,404,405,502,800 -p 8080 localhost " + #$BASE_HTTP -n 10000 "get:'http://localhost:9999':ir,@1" #$BASE_HTTP -n 100 "get:'http://localhost:9999':dr" -#$BASE_HTTP -n 10000 "get:'http://localhost:9999/p/200:ir,@300.0 +#$BASE_HTTP -n 10000 "get:'http://localhost:9999/p/200':ir,@300" + +#$BASE_HTTP -n 10000 "get:'http://localhost:9999/p/200:ir,@1'" +#$BASE_HTTP -n 100 "get:'http://localhost:9999/p/200:dr'" +#$BASE_HTTP -n 10000 "get:'http://localhost:9999/p/200:ir,@100'" # Assuming: # mitmproxy/mitmdump is running on port 8080 in straight proxy mode. # pathod with SSL enabled is running on port 9999 -BASE_HTTPS="/Users/aldo/git/public/pathod/pathoc -sc localhost:9999 -Tt 1 -eo -I 200,400,404,405,502,800 -p 8080 localhost " -$BASE_HTTPS -en 10000 "get:'/p/200:b@10:ir,@1'" +#$BASE_HTTPS -en 10000 "get:'/p/200:b@100:ir,@1'" #$BASE_HTTPS -en 10000 "get:'/p/200:ir,@1'" #$BASE_HTTPS -n 100 "get:'/p/200:dr'" #$BASE_HTTPS -n 10000 "get:'/p/200:ir,@3000'" #$BASE_HTTPS -n 10000 "get:'/p/200:ir,\"\\n\"'" + diff --git a/test/fuzzing/reverse_patterns b/test/fuzzing/reverse_patterns new file mode 100644 index 000000000..8d1d76a20 --- /dev/null +++ b/test/fuzzing/reverse_patterns @@ -0,0 +1,9 @@ +get:'/p/200':b@10:ir,"\n" +get:'/p/200':b@10:ir,"\r\n" +get:'/p/200':b@10:ir,"\0" +get:'/p/200':b@10:ir,@5 +get:'/p/200':b@10:dr + +get:'/p/200:b@10:ir,@1' +get:'/p/200:b@10:dr' +get:'/p/200:b@10:ir,@100' diff --git a/test/fuzzing/straight_stream b/test/fuzzing/straight_stream new file mode 100644 index 000000000..64feae450 --- /dev/null +++ b/test/fuzzing/straight_stream 
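Review bot: `BASE="../../../"` is concatenated with strings that begin with `/pathod/pathoc`, so the command actually resolved is `../../..//pathod/pathoc`; it works but the trailing slash should go: `BASE="../../.."`. After this hunk every pathoc invocation in the script is commented out (the previously live `$BASE_HTTPS -en 10000 ...` line now starts with `#`), so running `go_proxy` does nothing until a line is uncommented — if that is intended, a comment at the top of the block saying "uncomment one invocation" would help. `BASE_HTTP` also drops the `-o` switch that the old line and the new `BASE_HTTPS` keep (`-e` vs `-eo`); if that is not deliberate, the two should match. The shebang and the first comment lines of the script are above this hunk.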
@@ -0,0 +1,4 @@
+
+mitmdump: $MITMDUMP -q --stream 1
+pathod: $PATHOD -q
+pathoc: sleep 2 && $PATHOC $FUZZ_SETTINGS localhost:8080 ./straight_stream_patterns
\ No newline at end of file
diff --git a/test/fuzzing/straight_stream_patterns b/test/fuzzing/straight_stream_patterns
new file mode 100644
index 000000000..f5ae06f2f
--- /dev/null
+++ b/test/fuzzing/straight_stream_patterns
@@ -0,0 +1,5 @@
+get:'http://localhost:9999/p/':s'200:b"foo"':ir,'\n'
+get:'http://localhost:9999/p/':s'200:b"foo"':ir,'a'
+get:'http://localhost:9999/p/':s'200:b"foo"':ir,'9'
+get:'http://localhost:9999/p/':s'200:b"foo"':ir,':'
+get:'http://localhost:9999/p/':s'200:b"foo"':ir,'"'
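Review bot: `pathoc: sleep 2 && $PATHOC ...` relies on a fixed two-second delay for mitmdump and pathod to be listening; honcho starts the three processes concurrently, so on a slow or loaded host pathoc can fire before port 8080 or 9999 is bound and the run fails or reports spurious connection errors instead of fuzzing results. A readiness loop is more robust, e.g. `pathoc: until nc -z localhost 8080 && nc -z localhost 9999; do sleep 0.2; done; $PATHOC $FUZZ_SETTINGS localhost:8080 ./straight_stream_patterns` (assuming `nc` is available on the hosts this runs on). The `pathod:` line also starts pathod without a port, so the `localhost:9999` targets in the pattern files depend on pathod's default; `pathod: $PATHOD -q -p 9999` would pin it. The file is missing its trailing newline.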