greg123 Posted May 1, 2016 Share Posted May 1, 2016 I have installed address sanitizer and have installed the rest of the software I need. I am fuzzing the file selftls and it gives me this error. What am I supposed to put in the test case file?https://docs.google.com/document/d/1yz9I84syZBoa1ZLoEYBt7Txj46wOTJvxbjouL4e8o5c/edit?usp=sharing Quote Link to comment Share on other sites More sharing options...
digininja Posted May 1, 2016 Share Posted May 1, 2016 [-] SYSTEM ERROR : Unable to open 'in' Does the file in exist? Quote Link to comment Share on other sites More sharing options...
greg123 Posted May 1, 2016 Author Share Posted May 1, 2016 I've generated a self signed certificate and put it in "in" directory. It then gave me a different error that said there was no file named selftls. What program in openssl accepts and processes certificates? Quote Link to comment Share on other sites More sharing options...
digininja Posted May 1, 2016 Share Posted May 1, 2016 ./selftls says to look for a file called selftls in the current directory. I'm guessing that you've found these instructions in some document and have just copy and pasted them rather than trying to understand what they are actually doing. I suggest finding a man page or manual for the tool you are using and read through it to learn what is actually going on. Quote Link to comment Share on other sites More sharing options...
greg123 Posted May 1, 2016 Author Share Posted May 1, 2016 I'm trying to fuzz openssl but I couldn't find out which file to fuzz that involves with handling the certificate https://blog.hboeck.de/archives/868-How-Heartbleed-couldve-been-found.html Quote Link to comment Share on other sites More sharing options...
greg123 Posted May 1, 2016 Author Share Posted May 1, 2016 I am in the openssl directory cd openssl greg123:~/openssl (master) $ ls ACKNOWLEDGEMENTS Configure* LICENSE NOTES.WIN README.PERL config* demos/ include/ ssl/ AUTHORS FAQ Makefile README VMS/ config.com doc/ ms/ ssl.map CHANGES INSTALL Makefile.shared README.ECC apps/ configdata.pm e_os.h openssl.spec test/ CONTRIBUTING INSTALL.DJGPP NEWS README.ENGINE appveyor.yml crypto/ engines/ out/ tools/ Configurations/ INSTALL.WCE NOTES.VMS README.FIPS build.info crypto.map external/ pod2htmd.tmp util/ Quote Link to comment Share on other sites More sharing options...
digininja Posted May 1, 2016 Share Posted May 1, 2016 Quick step backwards, why openssl, what are you aiming to achieve? Quote Link to comment Share on other sites More sharing options...
greg123 Posted May 1, 2016 Author Share Posted May 1, 2016 https://github.com/hannob/selftlsI downloaded selftls. It says on the website " We only want to fuzz the very first step of the handshake, so we're interested in the first packet. We will create an input directory for american fuzzy lop called in and place packet-1 in it." I couldn't find anything in the selftls directory named "packet-1". Quote Link to comment Share on other sites More sharing options...
digininja Posted May 1, 2016 Share Posted May 1, 2016 I'll ask the same question again, why are you trying to fuzz oopenssl? Quote Link to comment Share on other sites More sharing options...
greg123 Posted May 1, 2016 Author Share Posted May 1, 2016 Why not? Quote Link to comment Share on other sites More sharing options...
digininja Posted May 1, 2016 Share Posted May 1, 2016 Have you done any fuzzing before? From what you've posted so far I'd guess probably not or very little. Openssl has been analysed by all the top professionals so unless you are very skilled then the chances of you finding anything are so remote that you are mostly wasting your time unless you are doing it just to learn how to fuzz. If you are doing it to learn to fuzz then don't start here, start with the basics and work up. There are loads of better apps to start on to learn the skills. Quote Link to comment Share on other sites More sharing options...
greg123 Posted May 1, 2016 Author Share Posted May 1, 2016 What should I start with then? Quote Link to comment Share on other sites More sharing options...
digininja Posted May 1, 2016 Share Posted May 1, 2016 I've not done any fuzzing so don't know the recommended resources but these look like good places to start: https://fuzzing-project.org/tutorial1.html This post is from a mate of mine who does know his stuff https://www.mwrinfosecurity.com/our-thinking/15-minute-guide-to-fuzzing/ I'd also recommend just getting to know Linux, both errors you posted are fairly basic if you know your way around a command line. Quote Link to comment Share on other sites More sharing options...
greg123 Posted May 1, 2016 Author Share Posted May 1, 2016 Thanks! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.