
cisco-sas / kitty


Fuzzing framework written in python

License: GNU General Public License v2.0

Makefile 0.09% C 1.87% Python 93.05% Shell 0.10% HTML 4.33% CSS 0.37% JavaScript 0.20%
fuzzing security

kitty's People

Contributors

0xitx, binyaminsharet, dark-lbp, dovf, gh0st3rs, navhaxs, ssdemajia, tmr232


kitty's Issues

Proposed changes in client fuzzing

Maybe we should move most of the logic of the trigger method that is currently in ClientTarget to ClientFuzzer. Doing that will break the current client fuzzing API, so we should consider doing that in a major release, if at all. The current method does work, but I think it will be cleaner with that change.

Wrong pip package kittyfuzzer

My actions

1. docker run -it ubuntu:latest
2. apt update && apt upgrade -y && apt install -y python3-pip git
3. git clone https://github.com/cisco-sas/katnip.git /tmp/katnip
4. cd /tmp/katnip
5. pip3 install -e .

Result

Obtaining file:///tmp/katnip
Collecting kittyfuzzer (from katnip==0.2.5)
  Downloading https://files.pythonhosted.org/packages/61/fc/9b7b03d896d986aafb0000a093a0c9b599d26ba3b35d29e2ed0313b6d852/kittyfuzzer-0.7.1.tar.gz (301kB)
    100% |################################| 307kB 765kB/s 
  Running setup.py (path:/tmp/pip-build-g0ao1gtv/kittyfuzzer/setup.py) egg_info for package kittyfuzzer produced metadata for project name kittyfuzzer-remote. Fix your #egg=kittyfuzzer fragments.
Collecting docopt (from kittyfuzzer-remote->katnip==0.2.5)
  Downloading https://files.pythonhosted.org/packages/a2/55/8f8cab2afd404cf578136ef2cc5dfb50baa1761b68c9da1fb1e4eed343c9/docopt-0.6.2.tar.gz
Collecting requests (from kittyfuzzer-remote->katnip==0.2.5)
  Downloading https://files.pythonhosted.org/packages/7d/e3/20f3d364d6c8e5d2353c72a67778eb189176f08e873c9900e10c0287b84b/requests-2.21.0-py2.py3-none-any.whl (57kB)
    100% |################################| 61kB 1.3MB/s 
Requirement already satisfied: six in /usr/lib/python3/dist-packages (from kittyfuzzer-remote->katnip==0.2.5)
Collecting chardet<3.1.0,>=3.0.2 (from requests->kittyfuzzer-remote->katnip==0.2.5)
  Downloading https://files.pythonhosted.org/packages/bc/a9/01ffebfb562e4274b6487b4bb1ddec7ca55ec7510b22e4c51f14098443b8/chardet-3.0.4-py2.py3-none-any.whl (133kB)
    100% |################################| 143kB 1.2MB/s 
Collecting certifi>=2017.4.17 (from requests->kittyfuzzer-remote->katnip==0.2.5)
  Downloading https://files.pythonhosted.org/packages/9f/e0/accfc1b56b57e9750eba272e24c4dddeac86852c2bebd1236674d7887e8a/certifi-2018.11.29-py2.py3-none-any.whl (154kB)
    100% |################################| 163kB 447kB/s 
Requirement already satisfied: idna<2.9,>=2.5 in /usr/lib/python3/dist-packages (from requests->kittyfuzzer-remote->katnip==0.2.5)
Collecting urllib3<1.25,>=1.21.1 (from requests->kittyfuzzer-remote->katnip==0.2.5)
  Downloading https://files.pythonhosted.org/packages/62/00/ee1d7de624db8ba7090d1226aebefab96a2c71cd5cfa7629d6ad3f61b79e/urllib3-1.24.1-py2.py3-none-any.whl (118kB)
    100% |################################| 122kB 2.6MB/s 
Building wheels for collected packages: kittyfuzzer-remote, kittyfuzzer-remote, docopt
  Running setup.py bdist_wheel for kittyfuzzer-remote ... done
  Stored in directory: /root/.cache/pip/wheels/b0/fc/a8/c7bc608bd3245cd6da33cf9086be799297428057d765f88825
  Running setup.py bdist_wheel for kittyfuzzer-remote ... error
  Complete output from command /usr/bin/python3 -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-g0ao1gtv/kittyfuzzer-remote/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" bdist_wheel -d /tmp/tmpugm93id4pip-wheel- --python-tag cp36:
  Traceback (most recent call last):
    File "<string>", line 1, in <module>
    File "/usr/lib/python3.6/tokenize.py", line 452, in open
      buffer = _builtin_open(filename, 'rb')
  FileNotFoundError: [Errno 2] No such file or directory: '/tmp/pip-build-g0ao1gtv/kittyfuzzer-remote/setup.py'
  
  ----------------------------------------
  Failed building wheel for kittyfuzzer-remote
  Running setup.py clean for kittyfuzzer-remote
  Complete output from command /usr/bin/python3 -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-g0ao1gtv/kittyfuzzer-remote/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" clean --all:
  Traceback (most recent call last):
    File "<string>", line 1, in <module>
    File "/usr/lib/python3.6/tokenize.py", line 452, in open
      buffer = _builtin_open(filename, 'rb')
  FileNotFoundError: [Errno 2] No such file or directory: '/tmp/pip-build-g0ao1gtv/kittyfuzzer-remote/setup.py'
  
  ----------------------------------------
  Failed cleaning build dir for kittyfuzzer-remote
  Running setup.py bdist_wheel for docopt ... done
  Stored in directory: /root/.cache/pip/wheels/9b/04/dd/7daf4150b6d9b12949298737de9431a324d4b797ffd63f526e
Successfully built kittyfuzzer-remote docopt
Failed to build kittyfuzzer-remote
Installing collected packages: docopt, chardet, certifi, urllib3, requests, kittyfuzzer-remote, katnip
  Running setup.py develop for katnip
Successfully installed certifi-2018.11.29 chardet-3.0.4 docopt-0.6.2 katnip kittyfuzzer-remote-0.7.1 requests-2.21.0 urllib

AttributeError: module 'select' has no attribute 'poll'

I'm getting this in python2 and python3; what's happening here?
When looking at the select module I see:

class poll():
    def __init__(self) -> None: ...
    def register(self, fd: _FileDescriptor, eventmask: int = ...) -> None: ...
    def modify(self, fd: _FileDescriptor, eventmask: int) -> None: ...
    def unregister(self, fd: _FileDescriptor) -> None: ...
    def poll(self, timeout: Optional[float] = ...) -> List[Tuple[int, int]]: ...

def select(rlist: Sequence[Any], wlist: Sequence[Any], xlist: Sequence[Any],
           timeout: Optional[float] = ...) -> Tuple[List[Any],
                                                    List[Any],
                                                    List[Any]]: ...

if sys.version_info >= (3, 3):
    error = OSError
else:
    class error(Exception): ...

But when I run my script it gives me:

[ERROR   ][base.start] Error occurred while fuzzing: AttributeError("module 'select' has no attribute 'poll'")
[ERROR   ][base.start] Traceback (most recent call last):
  File "C:\Users\silve\AppData\Local\Programs\Python\Python38\lib\site-packages\kitty\fuzzers\base.py", line 385, in start
    self._test_environment()
  File "C:\Users\silve\AppData\Local\Programs\Python\Python38\lib\site-packages\kitty\fuzzers\server.py", line 53, in _test_environment
    if self._run_sequence(sequence):
  File "C:\Users\silve\AppData\Local\Programs\Python\Python38\lib\site-packages\kitty\fuzzers\server.py", line 75, in _run_sequence
    return self._post_test()
  File "C:\Users\silve\AppData\Local\Programs\Python\Python38\lib\site-packages\kitty\fuzzers\base.py", line 434, in _post_test
    self.target.post_test(self.model.current_index())
  File "C:\Users\silve\AppData\Local\Programs\Python\Python38\lib\site-packages\katnip\targets\application.py", line 131, in post_test
    self.report.add('stdout', self._read(self._process.stdout))
  File "C:\Users\silve\AppData\Local\Programs\Python\Python38\lib\site-packages\katnip\targets\application.py", line 121, in _read
    poll_obj = select.poll()
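
As an added example (not part of the issue above, and not kitty or katnip code): a reader for a target's stdout that uses select.poll() where it exists and falls back to a reader thread where it does not, so ApplicationTarget-style post_test logic can run on Windows, where select.poll() is absent and select.select() only accepts sockets. The class and function names are this example's own; the child process is a constructed Python one-liner standing in for the fuzzed program.

```python
import os
import select
import subprocess
import sys
import threading
import time
from typing import Optional


class PortableOutputReader:
    """Drain a subprocess pipe without blocking the fuzzing loop.

    On POSIX this uses select.poll(), the same call the traceback above
    shows katnip's ApplicationTarget making. On Windows select.poll() does
    not exist, so a daemon thread reads the pipe into a buffer instead.
    """

    def __init__(self, stream):
        self._stream = stream
        self._use_poll = hasattr(select, "poll")
        self._eof = False
        self._buf = bytearray()
        self._lock = threading.Lock()
        self._thread: Optional[threading.Thread] = None
        if not self._use_poll:
            self._thread = threading.Thread(target=self._pump, daemon=True)
            self._thread.start()

    def _pump(self) -> None:
        # Fallback path: blocking reads are fine off the main thread.
        while True:
            chunk = self._stream.read1(4096)
            if not chunk:
                break
            with self._lock:
                self._buf.extend(chunk)
        self._eof = True

    def at_eof(self) -> bool:
        return self._eof

    def read_available(self, timeout_ms: int = 100) -> bytes:
        """Return whatever the child has written so far (possibly b'')."""
        if self._use_poll:
            fd = self._stream.fileno()
            poller = select.poll()
            poller.register(fd, select.POLLIN | select.POLLHUP)
            out = bytearray()
            while not self._eof and poller.poll(timeout_ms):
                chunk = os.read(fd, 4096)
                if not chunk:          # POLLHUP with nothing left: pipe closed
                    self._eof = True
                    break
                out.extend(chunk)
            return bytes(out)
        # Thread path: give the pump a moment, then hand over its buffer.
        self._thread.join(timeout_ms / 1000.0)
        with self._lock:
            data = bytes(self._buf)
            del self._buf[:]
        return data


def run_and_capture(args, timeout_s: float = 10.0) -> bytes:
    """Run a target, keep draining its output while it runs (so a chatty
    target cannot deadlock on a full pipe), and return everything it printed."""
    proc = subprocess.Popen(args, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
    reader = PortableOutputReader(proc.stdout)
    deadline = time.monotonic() + timeout_s
    collected = bytearray()
    while proc.poll() is None:
        collected.extend(reader.read_available(timeout_ms=50))
        if time.monotonic() > deadline:
            proc.kill()
    while not reader.at_eof():
        collected.extend(reader.read_available(timeout_ms=50))
    return bytes(collected)


def demo() -> bytes:
    # Constructed target: a Python one-liner standing in for the fuzzed program.
    return run_and_capture([sys.executable, "-c", "print('hello from target')"])


if __name__ == "__main__":
    print(demo())
```

The hasattr(select, "poll") check is the portable test; on the poll path the reader reads the raw descriptor with os.read so it never mixes buffered and unbuffered reads on the same pipe.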

Default value of Pad field is not padded

When rendering Pad field that is inside a container with default value, it does not pad its rendered value.

Container(fields=Pad(fields=Static('a'), pad_length=2*8)).render().tobytes()

yields 'a' instead of 'a\x00'

TypeError: can't multiply sequence by non-int of type 'float'

Python 3 running a katnip target but this is a kitty

Traceback (most recent call last):
  File "c:\Users\silve\.vscode\extensions\ms-python.python-2019.11.50794\pythonFiles\ptvsd_launcher.py", line 43, in <module>
    main(ptvsdArgs)
  File "c:\Users\silve\.vscode\extensions\ms-python.python-2019.11.50794\pythonFiles\lib\python\old_ptvsd\ptvsd\__main__.py", line 432, in main
    run()
  File "c:\Users\silve\.vscode\extensions\ms-python.python-2019.11.50794\pythonFiles\lib\python\old_ptvsd\ptvsd\__main__.py", line 316, in run_file
    runpy.run_path(target, run_name='__main__')
  File "C:\Users\silve\AppData\Local\Programs\Python\Python38\lib\runpy.py", line 262, in run_path
    return _run_module_code(code, init_globals, run_name,
  File "C:\Users\silve\AppData\Local\Programs\Python\Python38\lib\runpy.py", line 95, in _run_module_code
    _run_code(code, mod_globals, init_globals,
  File "C:\Users\silve\AppData\Local\Programs\Python\Python38\lib\runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "c:\Users\silve\Desktop\fuzzer.py", line 42, in <module>
    model.connect(bittorent_base_template)
  File "C:\Users\silve\AppData\Local\Programs\Python\Python38\lib\site-packages\kitty\model\high_level\graph.py", line 155, in connect
    dst_id = dst.hash()
  File "C:\Users\silve\AppData\Local\Programs\Python\Python38\lib\site-packages\kitty\model\low_level\container.py", line 88, in hash
    hashed = super(Container, self).hash()
  File "C:\Users\silve\AppData\Local\Programs\Python\Python38\lib\site-packages\kitty\model\low_level\field.py", line 321, in hash
    self._initialize()
  File "C:\Users\silve\AppData\Local\Programs\Python\Python38\lib\site-packages\kitty\model\low_level\field.py", line 146, in _initialize
    self._init()
  File "C:\Users\silve\AppData\Local\Programs\Python\Python38\lib\site-packages\kitty\model\low_level\container.py", line 204, in _init
    field._initialize()
  File "C:\Users\silve\AppData\Local\Programs\Python\Python38\lib\site-packages\kitty\model\low_level\field.py", line 146, in _initialize
    self._init()
  File "C:\Users\silve\AppData\Local\Programs\Python\Python38\lib\site-packages\kitty\model\low_level\container.py", line 204, in _init
    field._initialize()
  File "C:\Users\silve\AppData\Local\Programs\Python\Python38\lib\site-packages\kitty\model\low_level\field.py", line 146, in _initialize
    self._init()
  File "C:\Users\silve\AppData\Local\Programs\Python\Python38\lib\site-packages\kitty\model\low_level\container.py", line 931, in _init
    self._rebuild_fields()
  File "C:\Users\silve\AppData\Local\Programs\Python\Python38\lib\site-packages\kitty\model\low_level\container.py", line 947, in _rebuild_fields
    current = self.random.sample(self._fields, field_list_len)
  File "C:\Users\silve\AppData\Local\Programs\Python\Python38\lib\random.py", line 364, in sample
    result = [None] * k
TypeError: can't multiply sequence by non-int of type 'float'

Boo or Kitty?

Sulley: Boo?
Boo: Kitty!

>>> from kitty.model import String
>>> String('hello').num_mutations()
91
>>> from boofuzz import *
>>> s_initialize("user")
>>> s_string('hello')
>>> s_get('user').num_mutations()
1441

Add kitty-option: validate - to rerun all the failed/error tests

This could be done with a session file - where all tests with status of error/failed would be re-tested.
A new session file should be created for the second run.

If data model has changed - we cannot use the session file - consider saving the data-model in the session file to make it self-sufficient (?)

Do we need to be able to pass test numbers list as well ?
I think working with a session file is simpler, but perhaps sometimes there is no session file and you just want to run a list of tests ?

What am I doing wrong?

I have the following code:

from kitty.model import Container
from kitty.model import String


class HttpHeaderField(Container):
    def __init__(self, key, value, end=False, fuzzable=True):
        fields = []
        super(HttpHeaderField, self).__init__(name=key, fields=fields, fuzzable=fuzzable)


class XmlNode(Container):
    def __int__(self, key, value, end=False, fuzzable=True):
        fields = []
        super(XmlNode, self).__init__(name=key, fields=fields, fuzzable=fuzzable)


XmlNode(key='1', value=String('dasd'))
HttpHeaderField(key='1', value=String('dasd'))

What happens if I run this code in a python2 console?

Answer

>>> HttpHeaderField(key='1', value=String('dasd'))
<__main__.HttpHeaderField object at 0x7f8407217050>

Well, it worked! Next:

>>> XmlNode(key='1', value=String('dasd'))
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
TypeError: __init__() got an unexpected keyword argument 'key'

WTF???

StagedSequenceModel bug

Example code and error produced:
http://pastebin.com/5crHecLn

mutate() and _mutate() both need to be called on Stage object and StagedSequenceModel objects respectively, this needs to be documented

After calling those, get_stages() can retrieve _sequence, but then tries to access it as a dictionary. Unfortunately I'm short on time and can't investigate this further for the current moment

Kind regards

Bitfield render

Hi,

Bitfields seem to affect the rendering of fields that follow.

Reproduce

from kitty import model

_fields = [
    model.UInt16(1),
    model.BitField(0, 1),
    model.UInt16(1)
]

temp = model.Template(fields=_fields)

print(temp.render())

Expected Result
0x000100001

Result
0x0001000080
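
The reported output matches plain bit-granular concatenation: UInt16(1) is 16 bits, the 1-bit BitField then shifts the second UInt16 by one bit, and the 33-bit result is zero-padded to 40 bits, giving 00 01 00 00 80. The added example below (written for this page, not kitty's own renderer) models that packing, the byte-aligned variant the reporter expected, and the Pad semantics from the "Default value of Pad field is not padded" issue above. Field, pack_bits, pad and the small constructors are this example's own names, not kitty API.

```python
from typing import List, Tuple

# A field is (value, bit_length); this stands in for kitty's UInt16,
# BitField and Static fields, it is not kitty's own representation.
Field = Tuple[int, int]


def pack_bits(fields: List[Field]) -> bytes:
    """Concatenate fields MSB-first at bit granularity, then zero-pad the
    tail to a byte boundary. No field is aligned on its own: a 1-bit
    field shifts everything after it by one bit."""
    bits = ""
    for value, length in fields:
        if length < 0 or value < 0 or value >= (1 << length):
            raise ValueError(f"value {value} does not fit in {length} bits")
        if length:
            bits += format(value, f"0{length}b")
    bits += "0" * ((-len(bits)) % 8)
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))


def pad(fields: List[Field], pad_length: int) -> List[Field]:
    """Pad container: append zero bits so the group is pad_length bits long."""
    total = sum(length for _, length in fields)
    if total > pad_length:
        raise ValueError(f"fields are {total} bits, longer than pad_length={pad_length}")
    return list(fields) + [(0, pad_length - total)]


def uint16(v: int) -> Field:
    return (v, 16)


def bitfield(v: int, length: int) -> Field:
    return (v, length)


def static(s: bytes) -> Field:
    return (int.from_bytes(s, "big"), 8 * len(s))


def issue_template() -> bytes:
    """UInt16(1), BitField(0, 1), UInt16(1) from the report above."""
    return pack_bits([uint16(1), bitfield(0, 1), uint16(1)])


def aligned_template() -> bytes:
    """Same fields with the bit field padded out to a whole byte."""
    return pack_bits([uint16(1)] + pad([bitfield(0, 1)], 8) + [uint16(1)])


def padded_static() -> bytes:
    """Pad(fields=Static('a'), pad_length=2*8) from the earlier report."""
    return pack_bits(pad([static(b"a")], 2 * 8))


if __name__ == "__main__":
    print(issue_template().hex())    # 0001000080
    print(aligned_template().hex())  # 0001000001
    print(padded_static())           # b'a\x00'
```

If a protocol needs the field after a BitField to start on a byte boundary, the template has to say so (a pad to 8 bits, or a BitField whose width is a multiple of 8); the renderer cannot guess that from a 1-bit field.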

Add 'Tags' or 'Categories' to Fields & Configuration file

Each category would contain its own library of mutations related to this attack vector, i.e. xss, sqli, command execution, directory traversal, memory corruption etc.

A configuration file would allow to specify which 'categories' the fuzzer will include and which it would not - to make sure the fuzzing is relevant to the specific target

The configuration file could also contain global vars such as: COMMAND_EXEC_TEST
which would be set differently per target (Linux, windows, mac, etc..)
Specific monitors could be written to use these same global variables in order to check that the action occurred (i.e. a file with a specific name was created).

More mutations could be taken from FuzzDB (https://github.com/fuzzdb-project/fuzzdb)

Would be cool if we had little 'tag' stamps on the report list UI for each report

Need handler string encoder error

Python Version 2.7.16

String encoder error will break fuzzing progress.
Running this script will raise UnicodeDecodeError: 'ascii' codec can't decode byte 0xfe in position 11: ordinal not in range(128)

from kitty.model import *
from kitty.interfaces import WebInterface
from kitty.fuzzers import ServerFuzzer
from kitty.model import GraphModel
from katnip.targets.file import FileTarget


t1 = Template(name='str_encoder_test', fields=[
    String(name='bString', value='hello_kitty', encoder=StrEncodeEncoder('utf_16_le'), max_size=254 / 2)
])

target = FileTarget('FileTarget', './tmp', 'fuzzed', 'bin')

model = GraphModel()
model.connect(t1)

fuzzer = ServerFuzzer()
fuzzer.set_interface(WebInterface(port=26001))
fuzzer.set_model(model)
fuzzer.set_target(target)
fuzzer.set_range(1, 10)
fuzzer.start()

This problem can be reproduced with the code shown below.

from kitty.model import *

test = String(name='bString', value='hello_kitty', encoder=StrEncodeEncoder('utf_16_le'), max_size=254 / 2)
test.mutate()
test.mutate()
test.mutate()
print(test.render())
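
An added example, not the project's code: a Python 3 version of the encoder step that keeps going when a String's mutated value contains non-ASCII bytes, by decoding the bytes as latin-1 (a byte-preserving mapping) before applying the target encoding, next to the ASCII-decoding behaviour that produces the error above. encode_fuzzed and naive_encode are names chosen here; kitty's StrEncodeEncoder internals are not shown.

```python
def encode_fuzzed(value, encoding: str = "utf_16_le") -> bytes:
    """Apply a string encoding to a String field's current value.

    A mutated value is frequently raw bytes that are not ASCII (0xfe, 0xff,
    long runs of 0x41 ...). Decoding them as latin-1 maps every byte to the
    code point with the same number, so nothing can raise and the mutation
    survives into the encoded output.
    """
    if isinstance(value, (bytes, bytearray)):
        value = bytes(value).decode("latin-1")
    return value.encode(encoding)


def naive_encode(value, encoding: str = "utf_16_le") -> bytes:
    """The behaviour behind the error above: bytes are decoded as ASCII before
    re-encoding, so the first byte >= 0x80 raises UnicodeDecodeError."""
    if isinstance(value, (bytes, bytearray)):
        value = bytes(value).decode("ascii")
    return value.encode(encoding)


def naive_raises(value) -> bool:
    """True if the ASCII-based encoder blows up on this value."""
    try:
        naive_encode(value)
    except UnicodeDecodeError:
        return True
    return False


if __name__ == "__main__":
    mutated = b"hello_kitty\xfe"          # constructed: a mutation injected 0xfe
    print(naive_raises(mutated))          # True
    print(encode_fuzzed(mutated).hex())   # ...79 00 fe 00
```

The trade-off: latin-1 never fails but it also means the encoder's output for bytes above 0x7f is "whatever UTF-16 does with U+0080..U+00FF", not a re-interpretation of the original bytes as UTF-8; for a fuzzer that is usually what you want, since the goal is to keep sending.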

Add status field to report - each report could be either: ok, failed, error

Change the failed report from a binary state (failed/passed) to a tri-state status - failed/passed/error.
The error should be in case there was an exception thrown.
In case of error, there should still be a report, with as much detail as possible to help debug the problem, probably good to add stack traces to the report.
Error status indicates a bug in the fuzzing session somewhere and should be fixed or a true bug in the program.
Failure should be only for true bugs found.

It would be nice to have the error reports colored orange, and failures red.

Report is_failed function error

When I use kitty to fuzz something I can't get a report from the controller or monitor. Then I used the code below to check why and may have found the problem.

>>> from kitty.data.report import Report
>>> subreport = Report('subreport')
>>> subreport.add('failed','got some error')
>>> report=Report('all')
>>> report.add('subreport1',subreport)
>>> subreport.is_failed()
'got some error'
>>> report.is_failed()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/Library/Python/2.7/site-packages/kitty-0.6.1-py2.7.egg/kitty/data/report.py", line 166, in is_failed
    failed |= subreport.is_failed()
TypeError: unsupported operand type(s) for |=: 'bool' and 'str'
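
An added example (not kitty's kitty.data.report) that serves both the tri-state status request above and the is_failed() TypeError just shown: status is an enum rather than a free-form field value, is_failed() always returns a bool so a parent can fold in sub-reports, error reports carry the stack trace, and the aggregate over sub-reports lets error outrank failed. Report, Status and the demo functions are this example's names.

```python
import traceback
from enum import Enum
from typing import Any, Dict, Optional


class Status(Enum):
    PASSED = "passed"
    FAILED = "failed"   # a true finding in the target
    ERROR = "error"     # the harness/monitor/controller itself broke


class Report:
    """Report with a tri-state status. is_failed() is always a bool, so a
    parent report can combine its sub-reports without the TypeError above."""

    def __init__(self, name: str):
        self.name = name
        self.status = Status.PASSED
        self.reason: Optional[str] = None
        self.fields: Dict[str, Any] = {}
        self.subreports: Dict[str, "Report"] = {}

    def add(self, key: str, value: Any) -> None:
        if isinstance(value, Report):
            self.subreports[key] = value
        else:
            self.fields[key] = value

    def failed(self, reason: str) -> None:
        self.status = Status.FAILED
        self.reason = reason

    def error(self, exc: BaseException) -> None:
        """Record a harness error and keep the stack trace for debugging."""
        self.status = Status.ERROR
        self.reason = repr(exc)
        self.fields["traceback"] = "".join(
            traceback.format_exception(type(exc), exc, exc.__traceback__))

    def aggregate_status(self) -> Status:
        """error outranks failed outranks passed, across all sub-reports."""
        statuses = [self.status] + [r.aggregate_status() for r in self.subreports.values()]
        if Status.ERROR in statuses:
            return Status.ERROR
        if Status.FAILED in statuses:
            return Status.FAILED
        return Status.PASSED

    def is_failed(self) -> bool:
        return self.aggregate_status() is Status.FAILED

    def to_dict(self) -> Dict[str, Any]:
        return {
            "name": self.name,
            "status": self.aggregate_status().value,
            "reason": self.reason,
            "fields": dict(self.fields),
            "subreports": {k: r.to_dict() for k, r in self.subreports.items()},
        }


def demo_failed():
    """The scenario from the issue: a failed sub-report under a parent."""
    sub = Report("subreport")
    sub.failed("got some error")
    top = Report("all")
    top.add("subreport1", sub)
    return sub.is_failed(), top.is_failed(), top.aggregate_status().value


def demo_error():
    """A monitor that threw: the session reports error, not a target failure."""
    mon = Report("monitor")
    try:
        raise RuntimeError("monitor lost connection to the target")  # constructed
    except RuntimeError as exc:
        mon.error(exc)
    top = Report("all")
    top.add("monitor", mon)
    return top.to_dict()["status"], top.is_failed(), "RuntimeError" in mon.fields["traceback"]


if __name__ == "__main__":
    print(demo_failed())  # (True, True, 'failed')
    print(demo_error())   # ('error', False, True)
```

Keeping "failed" and "error" distinct is what makes the triage queue honest: a red report is something to reproduce against the target, an orange one is a bug in the session to fix before the results are trusted.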

how to mutate

I use Kitty to conduct fuzz testing of a protocol. One problem is how to call the mutation strategy to carry out data mutation after the data template is defined. I read the source code and did not solve this problem. I would appreciate an answer.

WebInterface. Address already in use

If I try to run fuzzing in a loop, then after 1 loop iteration WebInterface can't be stopped and continues to bind the port. Why is it not stopped?

import time
from katnip.targets.tcp import TcpTarget
from kitty.fuzzers import ServerFuzzer
from kitty.interfaces import WebInterface
from kitty.model import GraphModel

# host, port, monitor and template are defined earlier in the script
for item in range(10):
    target = TcpTarget('fuzzer', host, int(port), timeout=1)
    target.set_expect_response(True)
    target.add_monitor(monitor)
    # Define model
    model = GraphModel()
    model.connect(template)
    # Define fuzzer
    fuzzer = ServerFuzzer()
    fuzzer.set_session_file('%s.sqlite' % time.ctime().replace(' ', '_'))
    fuzzer.set_interface(WebInterface(port=4445))
    fuzzer.set_model(model)
    fuzzer.set_target(target)
    fuzzer.set_delay_between_tests(0.2)
    fuzzer.start()
       _load_session No session loaded
[INFO    ][base._start_message] 
                 --------------------------------------------------
                 Starting fuzzing session
                 Target: TcpTarget
                 UI: WebInterface listening on 127.0.0.1:4445
                 Log: ./kittylogs/kitty_20190213-175952.log

                 Total possible mutation count: 1316
                 --------------------------------------------------
                                 Happy hacking
                 --------------------------------------------------
            
      _start_message 
                 --------------------------------------------------
                 Starting fuzzing session
                 Target: TcpTarget
                 UI: WebInterface listening on 127.0.0.1:4445
                 Log: ./kittylogs/kitty_20190213-175952.log

                 Total possible mutation count: 1316
                 --------------------------------------------------
                                 Happy hacking
                 --------------------------------------------------
            
Exception in thread Thread-10:
Traceback (most recent call last):
  File "/usr/lib/python3.7/threading.py", line 917, in _bootstrap_inner
    self.run()
  File "/media/DATA/Fuzzer/kitty3/kitty/core/threading_utils.py", line 42, in run
    self._func(*self._args)
  File "/media/DATA/Fuzzer/kitty3/kitty/interfaces/web.py", line 301, in _server_func
    server = _WebInterfaceServer((self._host, self._port), _WebInterfaceHandler, self)
  File "/media/DATA/Fuzzer/kitty3/kitty/interfaces/web.py", line 46, in __init__
    HTTPServer.__init__(self, server_address, handler)
  File "/usr/lib/python3.7/socketserver.py", line 452, in __init__
    self.server_bind()
  File "/usr/lib/python3.7/http/server.py", line 137, in server_bind
    socketserver.TCPServer.server_bind(self)
  File "/usr/lib/python3.7/socketserver.py", line 466, in server_bind
    self.socket.bind(self.server_address)
OSError: [Errno 98] Address already in use
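
An added example, not kitty's WebInterface: a minimal web UI wrapper around http.server that can be stopped and started again on the same port, which is what a fuzzing loop like the one above needs. The stop sequence (shutdown() to end the serving loop, then server_close() to release the listening socket) is the point; class and function names are this example's own, and the port is chosen by the OS on the first start.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


class _Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b"fuzzer ui")

    def log_message(self, *args):  # keep the demo quiet
        pass


class RestartableWebInterface:
    """A web UI that can be started and stopped repeatedly on one port.

    Without shutdown() the old serve_forever() thread keeps running, and
    without server_close() the listening socket stays open; either way the
    next bind() on the same port fails with EADDRINUSE.
    """

    def __init__(self, host: str = "127.0.0.1", port: int = 0):
        self.host = host
        self.port = port  # 0 lets the OS pick a free port on first start
        self._server = None
        self._thread = None

    def start(self) -> None:
        # HTTPServer sets allow_reuse_address (SO_REUSEADDR) by default, so
        # a fresh bind also succeeds while old connections sit in TIME_WAIT.
        self._server = HTTPServer((self.host, self.port), _Handler)
        self.port = self._server.server_address[1]
        self._thread = threading.Thread(target=self._server.serve_forever, daemon=True)
        self._thread.start()

    def stop(self) -> None:
        if self._server is None:
            return
        self._server.shutdown()       # ends serve_forever(); call from another thread
        self._server.server_close()   # closes the listening socket
        self._thread.join()
        self._server = None
        self._thread = None


def ping(host: str, port: int) -> int:
    """GET / and return the HTTP status, proving the UI is up."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("GET", "/")
        return conn.getresponse().status
    finally:
        conn.close()


def restart_cycle(iterations: int = 3) -> int:
    """Start/stop the UI `iterations` times on the same port; return how
    many iterations both bound successfully and answered a request."""
    ok = 0
    port = None
    for _ in range(iterations):
        ui = RestartableWebInterface(port=port or 0)
        ui.start()
        port = ui.port
        try:
            if ping(ui.host, ui.port) == 200:
                ok += 1
        finally:
            ui.stop()
    return ok


if __name__ == "__main__":
    print(restart_cycle(3))  # 3
```

The same pattern applies to any server thread a fuzzer owns: the object that started it has to be the one that stops it, and "stop" has to close the socket, not just set a flag.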

Server Fuzzing Tutorial doc has invalid param name

Getting the following error stack with the pre_test param as "test_num":

[ERROR ][base.start] Traceback (most recent call last):
  File "C:\Python27\lib\site-packages\kitty\fuzzers\base.py", line 292, in start
    self._test_environment()
  File "C:\Python27\lib\site-packages\kitty\fuzzers\server.py", line 53, in _test_environment
    if self._run_sequence(sequence):
  File "C:\Python27\lib\site-packages\kitty\fuzzers\server.py", line 64, in _run_sequence
    self._pre_test()
  File "C:\Python27\lib\site-packages\kitty\fuzzers\base.py", line 332, in _pre_test
    self.target.pre_test(self.model.current_index())
  File "F:\play\pyplay\fuzz1\fuzz1.py", line 42, in pre_test
    super(TcpTarget, self).pre_test(test_num)
  File "C:\Python27\lib\site-packages\kitty\targets\server.py", line 62, in pre_test
    super(ServerTarget, self).pre_test(test_num)
  File "C:\Python27\lib\site-packages\kitty\targets\base.py", line 81, in pre_test
    self.controller.pre_test(test_number=self.test_number)
TypeError: pre_test() got an unexpected keyword argument 'test_number'

doc link : http://kitty.readthedocs.io/en/latest/tutorials/server_fuzzing.html

Offset in Container/Template

We need a (calculated) field that holds the offset of a specific field within a container/template. This will probably require a new API in BaseField/Container.

Fuzzing problem

Access denied by device during fuzz test when establishing connection with Siemens PLC

Logger displays duplicated messages

I noticed that I get duplicated logger messages on the terminal.

I've added following code to my main to fix the issue.

from kitty.core.kitty_object import KittyObject

# Remove duplicated log messages
logger = KittyObject.get_logger()
logger.propagate = False
KittyObject._logger = logger

But this issue can be fixed if we add logger.propagate = False to KittyObject method get_logger.
Not sure if that is intended behavior or not. But posting this here in case someone else runs into the same problem.

Thank you for creating Kitty!
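
An added example (not kitty code) reproducing the duplication and the effect of propagate=False with the standard logging module: a handler on the root logger plus a handler on the framework's named logger delivers every record twice until propagation is switched off. The names here are the example's own.

```python
import logging
from typing import List, Tuple


class ListHandler(logging.Handler):
    """Collects formatted records so deliveries can be counted."""

    def __init__(self):
        super().__init__()
        self.records: List[str] = []

    def emit(self, record: logging.LogRecord) -> None:
        self.records.append(self.format(record))


def build_loggers(name: str, propagate: bool) -> Tuple[logging.Logger, ListHandler, ListHandler]:
    """Model the situation in the issue: the application attached a handler
    to the root logger and the framework attached its own handler to a
    named logger. With propagate=True every record reaches both."""
    root_handler = ListHandler()
    logging.getLogger().addHandler(root_handler)
    lib = logging.getLogger(name)
    lib.setLevel(logging.INFO)
    lib_handler = ListHandler()
    lib.addHandler(lib_handler)
    lib.propagate = propagate
    return lib, root_handler, lib_handler


def deliveries(propagate: bool) -> int:
    """Emit one record and return how many times a handler saw it."""
    lib, root_handler, lib_handler = build_loggers(f"kitty.demo.{propagate}", propagate)
    try:
        lib.info("Starting fuzzing session")
        return len(root_handler.records) + len(lib_handler.records)
    finally:  # undo the global changes so the demo is repeatable
        logging.getLogger().removeHandler(root_handler)
        lib.removeHandler(lib_handler)


if __name__ == "__main__":
    print("propagate=True  ->", deliveries(True), "copies")   # 2
    print("propagate=False ->", deliveries(False), "copies")  # 1
```

propagate=False also hides the framework's records from any root handler the application set up on purpose (a file log, for instance); the alternative that keeps both working is for the framework's get_logger to add its console handler only when the logger has none yet.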

Serverfuzzer - callback function is called before response is received

Hi, I am using kitty to create a REST API fuzzer.
I am sending a lot of HTTPS requests and need to check each response.
Thus I use a callback function for the purpose of checking the response on each request:

def callbacker(fuzzer, edge, resp):
    print("RESPONSE:", resp)

model = GraphModel()
model.connect(http_template, None, callbacker)

In the current kitty version from pip, version 0.7.4, this functionality seems to be broken.
The problem is that the resp parameter for the callback function is always None.

Inside the _run_sequence method in kitty/fuzzers/server.py, I think I found the issue:

edge.callback(self, edge, resp) is called before resp = self._transmit(node). Therefore, the callback is always called with resp=None.
(link to this line in the code: https://github.com/cisco-sas/kitty/blob/master/kitty/fuzzers/server.py#L69)

By moving these lines

if edge.callback:
    edge.callback(self, edge, resp)

to right after the resp = self._transmit(node) line, the issue is now resolved and I can see the response in the callback function.

So: Is this a bug in the framework or am I using it incorrectly?

Thanks

Allow specifying path to kitty-tool generate

It would be awesome to be able to specify a 'field path' when asking kitty-tool to generate mutations, and have kitty-tool generate mutations for that field path only.

It should be possible to specify field paths wherever you would use --skip, so also on fuzzer scripts.

Maybe allow specifying multiple paths too?

TypeError: Object of type bytes is not JSON serializable

nccgroup/umap2 is a USB assessment tool, and they are using the kitty engine to fuzz USB hosts.

The issue I encounter is the following, I can't access any report, they all have the label "trigger timed out", and when I access the detail for a report I get an alert window with "Failed to load report" while in the console running the kitty engine (and the web server I guess) I get the following message :

Exception occurred during processing of request from ('127.0.0.1', 35804)
Traceback (most recent call last):
  File "/usr/lib64/python3.10/socketserver.py", line 316, in _handle_request_noblock
    self.process_request(request, client_address)
  File "/usr/lib64/python3.10/socketserver.py", line 347, in process_request
    self.finish_request(request, client_address)
  File "/usr/lib64/python3.10/socketserver.py", line 360, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "/usr/local/lib/python3.10/site-packages/kittyfuzzer-0.7.4-py3.10.egg/kitty/interfaces/web.py", line 72, in __init__
    BaseHTTPRequestHandler.__init__(
  File "/usr/lib64/python3.10/socketserver.py", line 747, in __init__
    self.handle()
  File "/usr/lib64/python3.10/http/server.py", line 432, in handle
    self.handle_one_request()
  File "/usr/lib64/python3.10/http/server.py", line 420, in handle_one_request
    method()
  File "/usr/local/lib/python3.10/site-packages/kittyfuzzer-0.7.4-py3.10.egg/kitty/interfaces/web.py", line 116, in do_GET
    self._my_handle()
  File "/usr/local/lib/python3.10/site-packages/kittyfuzzer-0.7.4-py3.10.egg/kitty/interfaces/web.py", line 261, in _my_handle
    response = endpoints[endpoint]()
  File "/usr/local/lib/python3.10/site-packages/kittyfuzzer-0.7.4-py3.10.egg/kitty/interfaces/web.py", line 199, in _handle_api_request
    response = self._get_report()
  File "/usr/local/lib/python3.10/site-packages/kittyfuzzer-0.7.4-py3.10.egg/kitty/interfaces/web.py", line 234, in _get_report
    return json.dumps(response)
  File "/usr/lib64/python3.10/json/__init__.py", line 231, in dumps
    return _default_encoder.encode(obj)
  File "/usr/lib64/python3.10/json/encoder.py", line 199, in encode
    chunks = self.iterencode(o, _one_shot=True)
  File "/usr/lib64/python3.10/json/encoder.py", line 257, in iterencode
    return _iterencode(o, 0)
  File "/usr/lib64/python3.10/json/encoder.py", line 179, in default
    raise TypeError(f'Object of type {o.__class__.__name__} '
TypeError: Object of type bytes is not JSON serializable

I think the issue is related to kitty rather than umap2, but I might be wrong, in that case let me know and I will close the issue.

If you need additional information let me know, I will do my best to provide them.
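
An added example, not kitty's web.py: a JSON encoder for report dictionaries that carries raw payload bytes as tagged base64 and restores them on load, instead of failing in json.dumps or silently decoding non-UTF-8 data as text. sample_report() is a constructed report for the demo, not output from umap2 or kitty.

```python
import base64
import json
from typing import Any, Dict


class BytesAwareEncoder(json.JSONEncoder):
    """json.JSONEncoder that can serialise raw payload bytes.

    Fuzzed payloads are rarely valid UTF-8, so they are emitted as a tagged
    base64 object rather than decoded to text (which would corrupt them)."""

    def default(self, o: Any) -> Any:
        if isinstance(o, (bytes, bytearray, memoryview)):
            return {"__bytes_b64__": base64.b64encode(bytes(o)).decode("ascii")}
        return super().default(o)


def _restore_bytes(obj: Dict[str, Any]) -> Any:
    # object_hook: turn the tagged object back into bytes, leave others alone
    if set(obj) == {"__bytes_b64__"}:
        return base64.b64decode(obj["__bytes_b64__"])
    return obj


def dumps_report(report: Any) -> str:
    return json.dumps(report, cls=BytesAwareEncoder)


def loads_report(text: str) -> Any:
    return json.loads(text, object_hook=_restore_bytes)


def sample_report() -> Dict[str, Any]:
    """Constructed report resembling what the web UI fetches per test."""
    return {
        "test_number": 17,
        "status": "failed",
        "reason": "trigger timed out",
        "payload": b"\x12\x01\x00\x02\xff\xff\xff\x40" + b"A" * 16,
        "sub_reports": {"stdout": {"data": b"", "lines": 0}},
    }


def plain_dumps_raises(report: Any) -> bool:
    """True if the stock encoder fails on this report, as in the traceback above."""
    try:
        json.dumps(report)
    except TypeError:
        return True
    return False


if __name__ == "__main__":
    text = dumps_report(sample_report())
    print(plain_dumps_raises(sample_report()))        # True
    print(loads_report(text) == sample_report())      # True
```

Tagging the bytes (rather than emitting a bare base64 string) keeps the round trip unambiguous: a field that happened to contain base64-looking text is not mistaken for binary on the way back.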

In Python3 no module cPickle

import cPickle

root@bdeebb3c8e86:/tmp# python3
Python 3.6.7 (default, Oct 22 2018, 11:32:17) 
[GCC 8.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from kitty.fuzzers import ServerFuzzer
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/tmp/kitty/kitty/fuzzers/__init__.py", line 34, in <module>
    from kitty.fuzzers.base import BaseFuzzer
  File "/tmp/kitty/kitty/fuzzers/base.py", line 32, in <module>
    from kitty.data.data_manager import DataManager, SessionInfo
  File "/tmp/kitty/kitty/data/data_manager.py", line 23, in <module>
    import cPickle
ModuleNotFoundError: No module named 'cPickle'

import _pickle as cPickle

Will Kitty compatible with python-scapy field?

In some cases I have actually written some protocols using scapy. I like to use scapy to communicate with the target, but I prefer using Kitty to fuzz my target.
Is there any better way to make kitty compatible with python-scapy field?

Move crypto encoders from kitty to katnip

Having crypto (AES, DES) encoders in kitty depends on pycrypto. It's a heavy dependency for a feature that is not used that often. Maybe it should be part of katnip.

If someone has an input about that - I'll be happy to hear.

Crash related to web interface eating too much memory

When fuzzing I keep the web interface open, but over time my web browser (with only this tab open) uses more and more RAM (which ends up with a crash).

The crash occurs 6 to 24 hours after the fuzzing started.

I'm using Firefox 105.0.1 on Fedora 36, I don't know if it is related.

Report system is slow when storing all reports

In our fuzzing project, we wanted to store all reports so we could do some postprocessing and do statistics on every single test (we are fuzzing via HTTPS requests).

So we used fuzzer.set_store_all_reports(True) on our Kitty fuzzer object.

However, we noticed that the fuzzer becomes extremely slow over time when we enabled this option, to the point where there was no way it could finish our test. When only storing the tests that fail (as default), there are no significant slowdowns over time.

We also noticed the WebInterface becomes very slow and unresponsive when a lot of reports are being stored (possibly because it lists all reports in the UI?)

We thus decided to use our own report system, also using SQLite. We use our own customised solution and only log the data we want, and it turns out to be super fast and lightweight. We don't use threading and we insert and commit on every test.

So we are quite sure that there is some bottleneck in the Kitty report system code that makes it really slow when a lot of reports are being saved. We are not sure exactly what causes it, but maybe it could have something to do with the threading system (since we don't use threading and we get really fast results).

We can't pinpoint the problem exactly and don't have a solution right now, but thought we would make you aware of it :)
