Note: This FAQ applies to beSTORM versions 13.4.0 or later. See How does the monitoring process for Linux work? (13.3.0 or earlier) for earlier versions of beSTORM.
Linux monitoring offers several options to monitor your process. The first option is to use GnuDB (debugger). GnuDB is an open source and widely available debugger you can instruct to inform beSTORM whenever an exception occurs.
Located in the beSTORM\beSTORM Monitor folder are three sample scripts included with beSTORM that can perform this functionality:
- gdb_monitor.pl Perl script
- gdb_monitor.py Python script for Python 2 versions
- gdb_monitor_python3.py Python script for Python 3 versions
Monitoring with gdb_monitor_python3 example
To use the gdb_monitor_python3.py script on an Ubuntu Linux system to monitor a process targeted by beSTORM while fuzzing one of the protocols/modules included, follow the steps in this section.
1. Install the following software packages on the Linux system using the commands provided:
   - gdb (GnuDB)
     sudo apt install gdb
   - python3
     sudo apt install python3
   - netcat
     sudo apt install netcat
2. After the packages are installed, copy the gdb_monitor_python3.py script to the Ubuntu Linux system.
3. Open beSTORM Client.
4. Select New Project. The beSTORM New Project Wizard opens.
5. Proceed through the wizard configuring each page until you reach the Extra Configuration page, and then do the following:
   a. In the Monitored IP address box, enter the IP address of the Ubuntu Linux system. This IP address is also the target IP address of the project.
   b. Select the External Monitor checkbox.
   c. In the External Monitor IP address box, enter the IP address of the Ubuntu Linux system (this is the same as the Monitored IP address). beSTORM will receive messages from the monitor running on the Ubuntu Linux system.
6. Select Next and continue through the wizard until you reach the Complete beSTORM wizard page.
7. Clear the Auto-start beSTORM scan now checkbox, and then select Finish.
8. On the beSTORM Client window, in the bottom-left corner, the Monitor Status will display Unknown.
9. On the Ubuntu Linux system, start the gdb_monitor_python3.py script using the following command, replacing the noted items before you run it:
   - <beSTORM_Ip> - Enter the IP address you used in step 5c.
   - <process_id> - Enter the pid of the process you want to monitor.
   python3 gdb_monitor_python3.py --host <beSTORM_Ip> --pid <process_id> --log gdb_log.txt
10. Once you run the command, the Monitor Status in beSTORM will change to Running. This indicates that you can now start fuzz testing in beSTORM.
In some cases, debugging is not possible, for example because the process spawns new child processes or is a kernel module. In those cases, you can use a non-debugger based beSTORM monitor agent.
For example, the bestorm_tail.pl script (included with beSTORM) follows a provided file and looks for specific strings. It then passes the strings to beSTORM to report that a failure/exception has occurred. For instance, if the more common SEGFAULT string is found inside a program's log file, this indicates that a segmentation fault (a crash, usually unhandled) has occurred.
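The log-following approach described above can be illustrated in Python. This is an added example, not beSTORM's bestorm_tail.pl or any code shipped with the product. The marker strings, the LogFollower and follow names, and the report callback (which stands in for the notification to beSTORM, whose message format this page does not describe) are assumptions.

```python
import os
import time

# Assumed crash markers; adjust to what the monitored program actually logs.
CRASH_MARKERS = ("SEGFAULT", "Segmentation fault", "core dumped")


class LogFollower:
    """Follow a log file and report appended lines that contain a crash marker."""

    def __init__(self, path, report, markers=CRASH_MARKERS, skip_existing=True):
        self.path = path
        self.report = report   # hypothetical callback that notifies the fuzzer
        self.markers = markers
        self.inode = None      # changes when the log is rotated (file replaced)
        self.offset = 0        # bytes already consumed
        self.partial = b""     # trailing bytes not yet terminated by a newline
        if skip_existing and os.path.exists(path):  # ignore pre-run crashes
            st = os.stat(path)
            self.inode, self.offset = st.st_ino, st.st_size

    def poll(self):
        """Consume newly appended data and return the lines that matched."""
        try:
            st = os.stat(self.path)
        except FileNotFoundError:
            return []          # log not created yet, or mid-rotation
        if st.st_ino != self.inode or st.st_size < self.offset:
            # Rotated or truncated: read the new file from its beginning.
            self.inode, self.offset, self.partial = st.st_ino, 0, b""
        with open(self.path, "rb") as fh:
            fh.seek(self.offset)
            data = fh.read()
            self.offset = fh.tell()
        *lines, self.partial = (self.partial + data).split(b"\n")
        hits = []
        for raw in lines:
            line = raw.decode("utf-8", errors="replace").rstrip("\r")
            if any(marker in line for marker in self.markers):
                hits.append(line)
                self.report(line)
        return hits


def follow(path, report, interval=0.5):
    """Poll the log forever; run this beside the target while fuzzing."""
    follower = LogFollower(path, report)
    while True:
        follower.poll()
        time.sleep(interval)
```

Because matching only happens on complete lines, a marker split across two writes is still caught once the newline arrives, and lines already in the log before the run are not reported as new crashes.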