??? int s_parse(char *filename) Parse and execute the named file as a
SPIKE script.
A Simple SPIKE Example
Consider the HTTP post request we looked at earlier:
POST /cgi-bin/login.pl HTTP/1.1
Host: gimme.money.com
Connection: close
User-Agent: Mozilla/6.0
Content-Length: 29
Content-Type: application/x-www-form-encoded
user=smith&password=smithpass
The following sequence of SPIKE calls would generate valid HTTP requests while fuzzing
the user and password fields in the request:
s_string("POST /cgi-bin/login.pl HTTP/1.1\r\n");
s_string("Host: gimme.money.com\r\n);
s_string("Connection: close\r\n");
s_string("User-Agent: Mozilla/6.0\r\n");
s_string("Content-Length: ");
s_blocksize_string("post_args", 7);
s_string("\r\nContent-Type: application/x-www-form-encoded\r\n\r\n");
s_block_start("post_args");
s_string("user=");
s_string_variable("smith");
s_string("&password=");
s_string_variable("smithpass");
s_block_end("post_args");
These statements constitute a valid SPIKE script (we refer to this script as demo.spk).
All that is needed now is a way to execute these statements. Fortunately, the SPIKE distribution
comes with a simple program called generic_send_tcp that takes care of the
details of initializing a spike, parsing a script into the spike, and iterating through all
fuzzing variables in the spike.
Pages:
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642