diff options
| author | Colin Watson <cjwatson@debian.org> | 2016-08-06 10:49:58 +0100 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2016-08-06 10:49:58 +0100 |
| commit | a8ed8d256b2e2c05b0c15565a7938028c5192277 (patch) | |
| tree | 87abbdc914a38b43e4e5bb9581ad1f46eabbf88e /regress/misc/kexfuzz/README | |
| parent | f0329aac23c61e1a5197d6d57349a63f459bccb0 (diff) | |
| parent | 99522ba7ec6963a05c04a156bf20e3ba3605987c (diff) | |
Import openssh_7.3p1.orig.tar.gz
Diffstat (limited to 'regress/misc/kexfuzz/README')
| -rw-r--r-- | regress/misc/kexfuzz/README | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/regress/misc/kexfuzz/README b/regress/misc/kexfuzz/README new file mode 100644 index 000000000..8b215b5bf --- /dev/null +++ b/regress/misc/kexfuzz/README | |||
| @@ -0,0 +1,28 @@ | |||
| 1 | This is a harness to help with fuzzing KEX. | ||
| 2 | |||
| 3 | To use it, you first set it to count packets in each direction: | ||
| 4 | |||
| 5 | ./kexfuzz -K diffie-hellman-group1-sha1 -k host_ed25519_key -c | ||
| 6 | S2C: 29 | ||
| 7 | C2S: 31 | ||
| 8 | |||
| 9 | Then get it to record a particular packet (in this case the 4th | ||
| 10 | packet from client->server): | ||
| 11 | |||
| 12 | ./kexfuzz -K diffie-hellman-group1-sha1 -k host_ed25519_key \ | ||
| 13 | -d -D C2S -i 3 -f packet_3 | ||
| 14 | |||
| 15 | Fuzz the packet somehow: | ||
| 16 | |||
| 17 | dd if=/dev/urandom of=packet_3 bs=32 count=1 # Just for example | ||
| 18 | |||
| 19 | Then re-run the key exchange substituting the modified packet in | ||
| 20 | its original sequence: | ||
| 21 | |||
| 22 | ./kexfuzz -K diffie-hellman-group1-sha1 -k host_ed25519_key \ | ||
| 23 | -r -D C2S -i 3 -f packet_3 | ||
| 24 | |||
| 25 | A comprehensive KEX fuzz run would fuzz every packet in both | ||
| 26 | directions for each key exchange type and every hostkey type. | ||
| 27 | This will take some time. | ||
| 28 | |||