{"id":15430447,"url":"https://github.com/cwshugg/gurthang","last_synced_at":"2025-04-19T16:54:32.696Z","repository":{"id":119412905,"uuid":"469568414","full_name":"cwshugg/gurthang","owner":"cwshugg","description":"[Masters Thesis] A connection-multiplexing web server fuzzing harness for AFL++.","archived":false,"fork":false,"pushed_at":"2022-06-14T14:12:57.000Z","size":5248,"stargazers_count":5,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2024-10-18T06:15:34.031Z","etag":null,"topics":["afl","aflplusplus","fuzzing","networking","security","systems-programming"],"latest_commit_sha":null,"homepage":"https://vtechworks.lib.vt.edu/handle/10919/110769","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cwshugg.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-03-14T03:33:21.000Z","updated_at":"2024-09-24T10:46:16.000Z","dependencies_parsed_at":null,"dependency_job_id":"27449601-e07c-419f-ab46-c4f67c05070b","html_url":"https://github.com/cwshugg/gurthang","commit_stats":{"total_commits":5,"total_committers":2,"mean_commits":2.5,"dds":0.4,"last_synced_commit":"acebbadeeac27266432c6f0bc5d255861d75172e"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cwshugg%2Fgurthang","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cwshugg%2Fgurthang/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cwshugg%2Fgurthang/releases",
"manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cwshugg%2Fgurthang/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cwshugg","download_url":"https://codeload.github.com/cwshugg/gurthang/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249743246,"owners_count":21319079,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["afl","aflplusplus","fuzzing","networking","security","systems-programming"],"created_at":"2024-10-01T18:16:23.649Z","updated_at":"2025-04-19T16:54:32.676Z","avatar_url":"https://github.com/cwshugg.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"This is **gurthang**, my web server fuzzing harness, composed of an `LD_PRELOAD` library and an AFL++ custom mutator module. Turin Turambar wielded Gurthang, the sword called the \"Iron of Death\", and slew Glaurung the dragon. Maybe, just maybe, AFL++ can wield this harness to slay some web servers.\n\nGurthang was developed for my MS thesis in Computer Science at Virginia Tech. 
My thesis is archived [at this link](https://vtechworks.lib.vt.edu/handle/10919/110769).\n\n\u003cimg align=\"right\" src=\"./docs/images/gurthang_light.png\" width=385\u003e\n\n# Files\n\nThe source files are organized like so:\n\n* `src/` contains the AFL++ mutator, the `LD_PRELOAD` library, and the implementation of the **connection-multiplexing** file format.\n* `tests/` contains a unit testing header file, along with a series of testing modules I've written to test smaller parts of my code.\n* `scripts/` contains any scripts I wanted to save to make development and fuzzing easier.\n* `dicts/` contains example dictionaries that can be plugged into gurthang in order to make use of dictionary-based mutations.\n* `docs/` contains markdown documentation and images.\n\n## Setup\n\nTo set things up, pull and build AFL++. Copy the file path to its `include/` directory (for example: `/home/cwshugg/AFLplusplus/include`), and drop it into the `AFLPP_INCLUDE` makefile variable:\n\n```bash\n# ... in the makefile ...\n\n# AFL++ variables\nAFLPP_INCLUDE=/home/cwshugg/AFLplusplus/include\n\n# ...\n```\n\nAfter that, build your web server and use the following environment variables to utilize gurthang to fuzz it:\n\n```bash\nAFL_PRELOAD=${gurthang_repo}/gurthang-preload.so \\\nAFL_CUSTOM_MUTATOR_LIBRARY=${gurthang_repo}/gurthang-mutator.so \\\nAFL_CUSTOM_MUTATOR_ONLY=1 \\\n${afl_fuzz} # ... other AFL arguments go here\n```\n\nSee this document for [additional environment variables](./docs/environment_variables.md) gurthang supports.\n\n# The `LD_PRELOAD` Library\n\nTo enable the fuzzing of web servers via AFL++, this project has two components: the library and the mutator. The first of these is a shared object (`.so`) library that is passed to the server via the `LD_PRELOAD` environment variable. 
Simply put, its job is to read a **comux** file from stdin, use it to establish internal connections to the server, and feed the input through those connections.\n\nMore details on the library can be found [here](./docs/preload.md).\n\n# The AFL++ Custom Mutator\n\nThe `LD_PRELOAD` library controls the reading and parsing of these **comux** files (described below), whereas gurthang's AFL++ custom mutator module is responsible for performing mutations on those comux files. Such mutations include:\n\n* Typical AFL++ bit/byte operations on comux payloads (bitflip, byte swap, byte reversal, etc.)\n* Changing the order in which the connections are established\n* Changing the order in which the payloads are sent\n* Splitting up a payload to send less data at one time\n* Combining two payloads to send more data at one time\n\nIn essence, this special file format allows the mutator to decide not only *what* is getting sent to the target server, but *how* it is sent to the server. More details on the mutator can be found [here](./docs/mutator.md).\n\n# Comux\n\nThe **Co**nnection **Mu**ltiple**x**ing protocol implemented in `src/comux/` allows you to format a single file in a way that defines the content to be sent to a web server across *multiple* concurrent socket connections. As mentioned above, the AFL++ mutator and `LD_PRELOAD` library use this protocol to enable AFL++ to establish multiple connections to the target web server, and send multiple payloads through those connections, in a single execution of the target.\n\nSee [this page](./docs/comux.md) for a full description.\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcwshugg%2Fgurthang","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcwshugg%2Fgurthang","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcwshugg%2Fgurthang/lists"}
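The README above describes the three moving parts (a multiplexing file format, a preload library that turns that file into internal connections, and a mutator that rewrites *how* the payloads are sent) without showing any of them. The following is an added example, written for this page and not taken from gurthang; its byte layout (`"CMUX"` magic, connection count, chunk count, then `{conn id, u16le length, payload}` records) is an assumed stand-in and not the real comux format, which is specified in the project's `docs/comux.md`. It shows a bounds-checked parser for that toy format, two "how"-style mutations from the list above (reordering sends and splitting a payload), and a replay step that, in place of the preload library's internal connections, opens one `socketpair()` per connection and writes the chunks in file order so a reader can see exactly what each connection would receive. The sample input is constructed inline and is not a real capture. Both halves live in one file here, whereas in gurthang the parsing and replay belong to the `LD_PRELOAD` library and the mutations to the AFL++ custom mutator module.

```c
/* Added example, not gurthang's code: a toy connection-multiplexing container.
 * The byte layout below is an ASSUMED stand-in; the real one is in docs/comux.md. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>

#define CMUX_MAX_CONNS  8
#define CMUX_MAX_CHUNKS 32

typedef struct { uint8_t conn; uint16_t len; const uint8_t *data; } chunk_t;
typedef struct { uint8_t nconns, nchunks; chunk_t chunks[CMUX_MAX_CHUNKS]; } cmux_t;

/* Layout: "CMUX", u8 nconns, u8 nchunks, then nchunks x { u8 conn, u16le len, len bytes }.
 * Chunks are sent in file order. Returns 0, or -1 on truncation, bad conn id or trailing bytes. */
int cmux_parse(const uint8_t *buf, size_t len, cmux_t *out)
{
    if (len < 6 || memcmp(buf, "CMUX", 4) != 0) return -1;
    out->nconns = buf[4];
    out->nchunks = buf[5];
    if (out->nconns == 0 || out->nconns > CMUX_MAX_CONNS || out->nchunks > CMUX_MAX_CHUNKS) return -1;
    size_t pos = 6;
    for (unsigned i = 0; i < out->nchunks; i++) {
        if (len - pos < 3) return -1;
        chunk_t *c = &out->chunks[i];
        c->conn = buf[pos];
        c->len = (uint16_t)(buf[pos + 1] | (buf[pos + 2] << 8));
        pos += 3;
        if (c->conn >= out->nconns || len - pos < c->len) return -1;
        c->data = buf + pos;
        pos += c->len;
    }
    return pos == len ? 0 : -1;
}

/* "How" mutation: swap the send order of two chunks; payload bytes are untouched. */
int cmux_swap(cmux_t *m, unsigned i, unsigned j)
{
    if (i >= m->nchunks || j >= m->nchunks) return -1;
    chunk_t t = m->chunks[i]; m->chunks[i] = m->chunks[j]; m->chunks[j] = t;
    return 0;
}

/* "How" mutation: split chunk i at byte `at` into two back-to-back sends on the same connection. */
int cmux_split(cmux_t *m, unsigned i, uint16_t at)
{
    if (i >= m->nchunks || m->nchunks >= CMUX_MAX_CHUNKS) return -1;
    chunk_t *c = &m->chunks[i];
    if (at == 0 || at >= c->len) return -1;
    memmove(&m->chunks[i + 2], &m->chunks[i + 1], (m->nchunks - i - 1) * sizeof(chunk_t));
    m->chunks[i + 1] = (chunk_t){ c->conn, (uint16_t)(c->len - at), c->data + at };
    c->len = at;
    m->nchunks++;
    return 0;
}

/* Replay: one AF_UNIX socketpair per connection stands in for the preload library's internal
 * client connections. Chunks go to the client ends in file order; server_fds[k] gets the server
 * end of connection k and sees EOF once the client ends close. Returns nconns, or -1 on error. */
int cmux_replay(const cmux_t *m, int server_fds[CMUX_MAX_CONNS])
{
    int client_fds[CMUX_MAX_CONNS];
    for (unsigned k = 0; k < m->nconns; k++) {
        int sv[2];
        if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
        client_fds[k] = sv[0]; server_fds[k] = sv[1];
    }
    for (unsigned i = 0; i < m->nchunks; i++) {
        const chunk_t *c = &m->chunks[i];
        if (c->len && write(client_fds[c->conn], c->data, c->len) != (ssize_t)c->len) return -1;
    }
    for (unsigned k = 0; k < m->nconns; k++) close(client_fds[k]);
    return m->nconns;
}

/* What the fuzzed server would do: read a connection to EOF. Returns bytes received. */
size_t drain(int fd, uint8_t *out, size_t cap)
{
    size_t total = 0; ssize_t n;
    while (total < cap && (n = read(fd, out + total, cap - total)) > 0) total += (size_t)n;
    close(fd);
    return total;
}

/* Constructed sample (not a real capture): 2 connections, 3 chunks, 49 bytes. */
static const uint8_t SAMPLE[] =
    "CMUX\x02\x03"
    "\x00\x10\x00" "GET / HTTP/1.1\r\n"
    "\x01\x07\x00" "POST /x"
    "\x00\x0b\x00" "Host: a\r\n\r\n";
#define SAMPLE_LEN (sizeof SAMPLE - 1)

int main(void)
{
    uint8_t out0[64], out1[64]; cmux_t m; int sfds[CMUX_MAX_CONNS];
    if (cmux_parse(SAMPLE, SAMPLE_LEN, &m) != 0) return 1;
    cmux_split(&m, 0, 4);   /* "GET " | "/ HTTP/1.1\r\n" */
    cmux_swap(&m, 1, 2);    /* let connection 1's send land between the two halves */
    if (cmux_replay(&m, sfds) != 2) return 1;
    size_t n0 = drain(sfds[0], out0, sizeof out0), n1 = drain(sfds[1], out1, sizeof out1);
    printf("conn 0: %zu bytes, conn 1: %zu bytes\n", n0, n1);
    return 0;
}
```

Build with `cc -std=c11 -Wall example.c` on Linux. After the split and swap, connection 0 still receives the same 27 bytes of request, but across two writes with another connection's send in between; that is the "not only *what* but *how*" point from the mutator section, and the reason a real harness must reject malformed containers (truncated length, out-of-range connection id, trailing bytes) in the parser rather than letting the mutator's output crash the harness instead of the server.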