README
¶
S3 Fuzzing
A prototype for an S3 fuzzing library.
Get Started
package main
import (
"bytes"
"crypto/tls"
"fmt"
"net/http"
"strings"
"time"
"github.com/aead/sf"
"github.com/aead/sf/headers"
minio "github.com/minio/minio-go"
)
func main() {
host, accessKey, secretkey := "localhost:9000", "ACCESS_KEY", "SECRET_KEY"
s3Client, err := minio.NewV2(host, accessKey, secretkey, true)
if err != nil {
fmt.Println("Failed to create S3 client:", err)
return
}
customTrans := http.Transport{
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
}
rand := sf.NewRandom(time.Now().Unix())
fuzzers := sf.MultiFuzzer{
sf.Insert(func() (string, string) {
length, _ := headers.TypeOf("Content-Length")
return "Content-Length", length.Random(rand)
}),
sf.Filter(func(k string) bool { return strings.HasPrefix(k, "User-Agent") }),
sf.Logger(nil),
}
s3Client.SetCustomTransport(sf.RegisterFuzzer(&customTrans, fuzzers...))
data := make([]byte, 1024)
_, err = s3Client.PutObject("bucket", "object", bytes.NewReader(data), int64(len(data)), minio.PutObjectOptions{})
if err != nil {
fmt.Println(err)
return
}
}
Documentation
¶
Overview ¶
Package sf provides general HTTP S3 fuzzing types and functionality. It provides interfaces and generic implementations of fuzzers and the hooking mechanism to register fuzzing.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func RegisterFuzzer ¶
func RegisterFuzzer(rt http.RoundTripper, f ...Fuzzer) http.RoundTripper
RegisterFuzzer wraps a http.RounderTripper. The returned http.RounderTripper modifies all HTTP request using the provided fuzzers before the request is processed any further.
Types ¶
type Filter ¶
Filter is a fuzzer filtering HTTP header keys. All keys that let Filter evaluate to true are removed from the request.
func (Filter) And ¶
And combines two filters such that the returned filter returns true iff both filters return true.
func (Filter) Fuzz ¶
Fuzz filter out all keys from the HTTP request headers which let the fuzzer evaluate to true.
type Fuzzer ¶
type Fuzzer interface {
// Fuzz modifies the HTTP request depending
// on the fuzzer implementation. It may retrun
// any encountered error during modification.
//
// If Fuzz returns an non-nil error the state
// of the request is undefined.
Fuzz(*http.Request) error
}
Fuzzer is the generic interface for adding S3 fuzzing functionality. A fuzzer takes an HTTP request and modifies the request in an arbitrary way.
type Insert ¶
Insert is a fuzzer inserting a key-value pair into the HTTP headers. If the key already exists than Insert replaces the old value with the new value.
type LoopFuzzer ¶
type LoopFuzzer interface {
Fuzzer
// Adjust can extract information about the
// HTTP response so that the fuzzer can adjust
// its fuzzing strategy. It MUST NOT modify the
// response.
Adjust(*http.Response)
}
LoopFuzzer is the generic interface for a statefull and adjusting fuzzer.
A LoopFuzzer can be seen as a Fuzzer which modifies an HTTP request before sending it. When the HTTP response is received the LoopFuzzer looks at the response and may adjusts its fuzzing strategy.
type Map ¶
Map is a fuzzer transforming HTTP headers. The map function is applied to every header key-value pair which is than replaced by the transformed key-value-pair.
type MultiFuzzer ¶
type MultiFuzzer []Fuzzer
MultiFuzzer combines a list of fuzzers into a single fuzzer.
func (MultiFuzzer) Adjust ¶
func (mf MultiFuzzer) Adjust(resp *http.Response)
Adjust passes the HTTP response to every LoopFuzzer which is part of the MultiFuzzer.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
Package auth provides authenticating and signing functionality for S3 requests.
|
Package auth provides authenticating and signing functionality for S3 requests. |
|
Package headers provides functionality to generate S3 HTTP headers randomly using type constraints of S3.
|
Package headers provides functionality to generate S3 HTTP headers randomly using type constraints of S3. |