{"id":13608807,"url":"https://github.com/sucof/pipedream","last_synced_at":"2025-04-12T17:32:58.484Z","repository":{"id":33357715,"uuid":"37002530","full_name":"sucof/pipedream","owner":"sucof","description":"pipedream socket fuzzer with capture and replay","archived":false,"fork":false,"pushed_at":"2015-06-06T10:31:52.000Z","size":145,"stargazers_count":3,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2024-11-07T14:42:10.546Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://www.facebook.com/pages/Arisun-Restaurant/137838556265499","language":"Python","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sucof.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-06-07T02:56:24.000Z","updated_at":"2019-03-14T15:15:09.000Z","dependencies_parsed_at":"2022-09-11T23:41:17.716Z","dependency_job_id":null,"html_url":"https://github.com/sucof/pipedream","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sucof%2Fpipedream","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sucof%2Fpipedream/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sucof%2Fpipedream/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sucof%2Fpipedream/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sucof","download_url":"https://codeload.github.com/sucof/pipedream/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248605353,"owners_count":21132158,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T19:01:30.129Z","updated_at":"2025-04-12T17:32:53.473Z","avatar_url":"https://github.com/sucof.png","language":"Python","funding_links":[],"categories":["Python"],"sub_categories":[],"readme":"# \"pipedream\" fuzzer\nThe pipedream proxy is a pure-python single-threaded proxy server, designed to\ncapture traffic and replay it with modifications, to identify vulnerabilities\nin both networked and desktop software.\n\nIn it's 'capture' mode, this captures a socket conversation as a .cnv file,\nwhich can then be used in the 'replay' mode to simulate a client, as well as\na 'fuzz' mode to inject random faults. A 'data editor' is also included\nwhich can be used to edit captured conversations before use.\n\n*Note: it is strongly recommended that a fuzz file be edited before trying to\nemulate a server*\n\n## basic use (no fuzzing)\nThe first step of using the fuzzer is to capture a socket conversation. This\nis done with the \"capture\" mode, which sets up a socket proxy, as follows. The\nexample below captures traffic to the google web server, without \n\n    pipedream.py -m capture -i localhost:8082 -o www.google.com:80 -f google\n\nThen, the saved format spec file can be used to emulate either the client or\nthe server, as follows:\n\n    pipedream.py -m replay -o www.google.com:80 -f google-12345.cnv\n    pipedream.py -m replayserver -o localhost:8081 -f google-12345.cnv\n\nTo introduce mutations, use the -c flag, to specify the percent chance that\na given node will mutate.\n\n## basic use (editor)\nThis fuzzer also includes a editor, which can modify conversation files. This\ncan be accessed via:\n\n    pipedream.py -m edit -f google-12345.cnv\n\n## practical example (fuzzing a browser)\nThe first step is to capture a browser's request / response pair, as follows:\n\n    python pipedream.py -m capture -i localhost:4040 -o www.blah.com:80 -f creche\n\nFor the purposes of this demo, a socket conversation has already been prepared,\nsimulating a conversation between a user's browser and reddit (sample.cn_). Make\na copy of this, and open it up in the editor:\n\n    python pipedream.py -m edit -f herpaderp-10348.cnv\n\nUse the \"p\" command to inspect the socket conversation: note that it includes two\nrequests, and both responses are split into two recv calls:\n\n    [####] : p\n    [ 0 -\u003e len:0x0162 ]  [ 47 45 54 20 2f 63 64 6e  GET /cdn ]\n    [ 1 \u003c- len:0x0550 ]  [ 48 54 54 50 2f 31 2e 31  HTTP/1.1 ]\n    [ 2 \u003c- len:0x1018 ]  [ 95 1c 5c 5b 3b ff ad b5  ..\\[;... ]\n    [ 3 -\u003e len:0x0179 ]  [ 47 45 54 20 2f 63 64 6e  GET /cdn ]\n    [ 4 \u003c- len:0x0550 ]  [ 48 54 54 50 2f 31 2e 31  HTTP/1.1 ]\n    [ 5 \u003c- len:0x2800 ]  [ c5 8d 22 22 62 44 44 44  ..\"\"bDDD ]\n    [ 6 \u003c- len:0x12bb ]  [ cd 15 22 38 1f fe 3b 17  ..\"8..;. ]\n    [####] : q\n\nNote that this describes two HTTP requests, and the responses for both of these\nhave been split into two pieces (i.e. two recv calls). We can delete the last 3\nand merge the first two responses, as follows:\n\n    d 6\n    d 5\n    d 4\n    d 3\n    s 1\n    swallow 2\n    save\n    p all\n\nThe end result should look like this:\n\n    [####] : p\n    [ 0 -\u003e len:0x0162 ]  [ 47 45 54 20 2f 63 64 6e  GET /cdn ]\n    [ 1 \u003c- len:0x1568 ]  [ 48 54 54 50 2f 31 2e 31  HTTP/1.1 ]\n    [####] :\n\nNow, select the second node, and bind it to the GET keyword:\n\n    s 1\n    bind .*GET.*\n    p all\n    save\n\nNow, emulate the server with the following:\n\n    python pipedream.py -m replayserver -f herpaderp-10348.cnv -c 100 -i localhost:4040\n\nThis will open up a server on localhost:4040. Use your browser, and access\nthis port: in response to a standard GET request, you will get a malformed\nresponse. Note that this may not render correctly, due to the HTTP response\nheaders being broken.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsucof%2Fpipedream","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsucof%2Fpipedream","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsucof%2Fpipedream/lists"}