skipfish on OpenSolaris

There have been several articles about skipfish, a web application recon tool from Google. Ignoring the documentation that calls for glibc to be present, I tried the compile anyway. Aside from environment variable adjustments and an include file or two, the primary obstacle is the use of glibc's malloc_usable_size(); its primary apparent usage is to assist in zeroing out malloc'd memory.

I'd done some testing with pulling out malloc_usable_size() and the tool would run, but bail when writing out final results (see the comments). I've since gone the route of modifying skipfish to use Doug Lea's malloc library, which includes an implementation of malloc_usable_size(). And that's been working great.

initial allocations). I've uploaded a patch for the necessary changes. The patch is based on v1.26b of skipfish.
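The post describes skipfish as leaning on malloc_usable_size() to zero out allocated memory, and the failed hack was to stop zero-filling grown blocks. As an added illustration (not skipfish's code, and not the dlmalloc patch), here is one portable way to get the same guarantee without that glibc extension: a realloc wrapper that records the requested size in a header and clears any newly grown tail itself. The zk_* names and the 16-byte header are assumptions of this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not skipfish code: realloc wrapper that zero-fills the grown
 * tail without relying on glibc's malloc_usable_size().  The requested size is
 * stored in a header in front of the user pointer, so the wrapper knows exactly
 * how many bytes were already initialised. */

#define HDR_SIZE 16   /* assumption: a multiple of any fundamental alignment */

static size_t *hdr_of(void *p) { return (size_t *)((char *)p - HDR_SIZE); }

/* Allocate size bytes, zero-filled, with the size recorded in the header. */
void *zk_alloc(size_t size) {
    char *raw;
    if (size > SIZE_MAX - HDR_SIZE) return NULL;   /* reject size overflow */
    raw = calloc(1, HDR_SIZE + size);
    if (!raw) return NULL;
    *(size_t *)raw = size;
    return raw + HDR_SIZE;
}

/* Grow or shrink; bytes beyond the old requested size come back as zero. */
void *zk_realloc(void *p, size_t size) {
    size_t old;
    char *raw;
    if (!p) return zk_alloc(size);
    if (size > SIZE_MAX - HDR_SIZE) return NULL;
    old = *hdr_of(p);
    raw = realloc(hdr_of(p), HDR_SIZE + size);
    if (!raw) return NULL;            /* caller still owns the old block */
    if (size > old) memset(raw + HDR_SIZE + old, 0, size - old);
    *(size_t *)raw = size;
    return raw + HDR_SIZE;
}

/* Portable stand-in for the "how big is this block" question that
 * malloc_usable_size() answers: report the size the caller asked for. */
size_t zk_size(void *p) { return p ? *hdr_of(p) : 0; }

void zk_free(void *p) { if (p) free(hdr_of(p)); }

/* Self-check: grow a block and confirm the new tail is zero, not stale data. */
int zk_selfcheck(void) {
    char *buf = zk_alloc(4);
    size_t i;
    if (!buf) return 0;
    memset(buf, 'A', 4);
    buf = zk_realloc(buf, 64);
    if (!buf || zk_size(buf) != 64) return 0;
    for (i = 4; i < 64; i++) if (buf[i] != 0) { zk_free(buf); return 0; }
    zk_free(buf);
    return 1;
}
```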

The basic steps:

1. Ensure you have the IDN library installed:

   $ pkg list | grep idn
   library/idnkit (opensolaris.org)   0.5.11-0.134   installed  -----
   library/libidn (opensolaris.org)   1.9-0.134      installed  -----

2. Download and unpack skipfish.

3. Copy the patch into the unpacked skipfish directory and apply it:

   $ cd skipfish
   $ patch -p1 < skipfish.1.26b.solaris.dmalloc.patch
   patching file alloc-inl.h
   patching file dlmalloc.c
   patching file dlmalloc.h
   patching file Makefile
   patching file report.c

4. Build with gcc, pointing at the IDN headers and the Solaris socket libraries:

   $ CC="/usr/bin/gcc" CFLAGS="-I/usr/include/idn -DUSE_LOCKS" \
     LIBS="-lsocket -lnsl -lpthread" make

From there, read the skipfish wiki for details on running the tool. Also check out the known issues. The item I hit immediately was not having a terminal size of at least 100x35. Things run fine, but the output to the terminal can get munged at smaller sizes.

If you do any testing of skipfish running on OpenSolaris, let me know how it goes. I may look at getting this into SourceJuicer. And by the way, I'm not a web-security expert. While I'm happy to (try to) answer questions about why skipfish may not compile on OpenSolaris, I cannot answer questions about the results the tool returns.

:wq

Comments:

Finally had a skipfish run finish its scan, then it aborted at the very end with some ludicrously large alloc request when writing out the scan description. My "patch" is looking much more like a hack. Still interested to hear if others have luck.

Posted by Scott Davenport on March 26, 2010 at 08:44 AM PDT #

Hmm...all may not be lost yet. The abort was legitimate (no core dump) and it appears the alloc request exceeded MAX_ALLOC (defined in config.h). Recompiling with a larger value here and trying the run again. We'll see...

Posted by Scott Davenport on March 26, 2010 at 09:00 AM PDT #

This hack isn't working out, so I've pulled down the patch. The tool seems to run fine, but at the very end, when writing out the scan description, it bails. I've gone so far as to remove all allocation size checking, to no avail. The hackery around not zero-filling the reallocs is not going to work.

I'm now doing some mods to skipfish to use Doug Lea's ftp://gee.cs.oswego.edu/pub/misc/malloc.c, which includes a malloc_usable_size() routine. May do the trick...

Posted by Scott Davenport on March 29, 2010 at 08:35 AM PDT #

Using Doug Lea's malloc routines is working. I've updated the patch (and a bit of the text in the main entry).

Posted by Scott Davenport on March 30, 2010 at 06:02 AM PDT #
