afl-fuzz framework
The overall architecture of afl-fuzz is fairly hard for a newcomer to grasp. I came across a diagram online that I think explains it well, so I am posting it here for everyone; thanks to the original author.
