Configuration Elements

Overview

The XML file defines both the way the module looks like, acts and what types of data it sends as well as how it should generate the fuzzed data. Fuzz data can either be generated from a predefined list of buffer types, Textual and Binary, or from a list the builder of the module provides. The method to define what type of buffer types beSTORM will generate is done by placing a GeneratorOptSettings element under the top beSTORM element.

For example, the following defines to beSTORM that you would like to utilize the factory defined buffer types of Binary form.

<beSTORM Version="1.2" ><GeneratorOptSettings FactoryDefined="1" FactoryType=”Binary” />
<ModuleSettings>
<M Name="ASN1 Samples" >
<P Name="ASN1 Samples" >
<S Name="ASN1 Sentence" >
<C Name="Identifier Octet (Bit stream)" Value="0x04" />
<L Name="Length of Element" Split="128" ConditionedName="Buffer of Element" />
<B Name="Buffer of Element" ASCIIDefault="Data of Element" />
</S>
</P>
</M>
</ModuleSettings>
</beSTORM>

If you want to define your own buffer types you could place BT elements under the GeneratorOptSettings element, for example:

<GeneratorOptSettings>
<BT>
<BT Name="Repeated A" Max="65536" ASCIIValue="A" />
<BT Name="Repeated %n" Max="512" ASCIIValue="%n" />
<BT Name="Repeated %25n" Max="256" ASCIIValue="%25n" />
<BT Name="Repeated Base64A" Max="16384" Type="Base64" ASCIIValue="A" />
<BT Name="BiggerSmaller" Max="32768" ASCIIValue="&lt;&gt;" />
<BT Name="Repeated %00" Max="21846" ASCIIValue="%00" />
<BT Name="Number Generating DEC" Max="4294967295" Type="DecimalPositive" />
<BT Name="Negative Number Generating DEC" Max="2147483648" Type="DecimalNegative" />
<BT Name="Number Generating HEX" Max="4294967295" Type="DecimalPositive" />
<BT Name="Repeated Space" Max="65536" ASCIIValue=" " />
</BT>
</GeneratorOptSettings>

Each BT element has a child T element which defines the type of data that is generated.

The Name attribute is a user provided description of what this attack would generate.
The Max attribute defines how many times will this data be either repeated or incremented (depending on the attributes ASCIIValue or Type appearing).
The ASCIIValue (or Value for binary data) attribute tells beSTORM it should generate data that is repeated from 0 up to and including Max.
The Type attribute defines what sort of incrementing should be performed on the data; default value of Repeat is set to the attribute if no value is provided.
If Base64 is provided the data will be encoded (after it is generated) with the Base64 encoding scheme.
If DecimalPositive value is provided the number will be incremented and it is assumed that no negative number will ever be generated (due to overflowing of the number when incremented above the maximum allowed value).
If DecimalNegative value is provided the number will act as the DecimalPositive behaves, the only difference is that when an overflow occurs negative numbers will be used.
If Hex value is provided the DecimalPositive type will be used but the returned value would be presented in 0000000-FFFFFF form (textual).
If Binary value is provided the DecimalPositive type will be used but the returned value would be presented in 0-4294967296 form (textual).