Let's get start to fuzzing firefox browser with grizzly

| 分类 安全工程师  | 标签 Fuzzing 

grizzly is cross platform browser fuzzing framework, when we read the introduction. it was developed by Mozilla Security. In this blog, i will show you how to use it to start browser fuzzing. This tutorial was running on my windows computer

This is the finally status:


So. let’s beginning.

First, we need to follow this instruction to install grizzly

  • install grizzly
git clone https://github.com/MozillaSecurity/grizzly.git
python -m pip install -e grizzly --user
  • install testcase reducer
    git clone https://github.com/MozillaSecurity/lithium.git
    python -m pip install -e lithium --user
  • install firefox support
    git clone https://github.com/MozillaSecurity/ffpuppet.git
    python -m pip install -e ffpuppet --user
  • download firefox build viaa fuzzfetch
    git clone https://github.com/MozillaSecurity/fuzzfetch.git
    python -m pip install -e fuzzfetch --user
    python -m fuzzfetch -a -n firefox --fuzzing -o browsers/
  • download prefs.js
    wget -O ./browsers/prefs.js https://raw.githubusercontent.com/MozillaSecurity/fuzzdata/master/settings/firefox/prefs-default-e10s.js


Now, you can running it with no-op adapter, because there was only one adapter was being installed by default, also you have no choice to find new one. you must write it by yourself. So, we can run it firstly: image

But if you want another adapter, what should i do ?


Now, you can see this example. it was create from wiki, but it not suitable to Windows. so let’s change it.

  • download domato (Dom fuzzer was developed by google project zero)
git clone --depth=1 https://github.com/googleprojectzero/domato

in this tutorial, i put in this place:


Now, we need to modify the script to make it suitable for windows.

  • tempfile can not used in windows
  • subprocess was error winError xx
  • windows path format
  • environment problem

also, you need make sure you fuzz data was generator correctly. So you need time sleep.

import os
import uuid
import random
import shutil
import subprocess
import tempfile
import time

from grizzly.common import Adapter, TestFile

DOMATO_PATH = "../../domato/generator.py"

class BasicExampleAdapter(Adapter):
    NAME = "basic"

    def setup(self, _):
        # create directory to temporarily store generated content
        self.fuzz["tmp"] = "./fuzztest{}".format(random.random()) #os.path.join('../../domato/','fuzz_gen{}'.format(str(uuid.uuid1()).split("-")[0]))   # tempfile.mkdtemp(prefix="fuzz_gen_")

        if os.environ.get("FUZZTOOL"):
            run = "pythoh {}".format(os.environ["FUZZTOOL"])
            run = "pythoh {}".format(DOMATO_PATH)
        # command used to call fuzzer to generate output
        self.fuzz["cmd"] = [
            run,  # binary to call
            "--no_of_files", "1",
            "--output_dir", self.fuzz["tmp"]

    def generate(self, testcase, *_):
        # launch fuzzer to generate a single file
        # subprocess.check_output(self.fuzz["cmd"])
        # subprocess.Popen(self.fuzz["cmd"], shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE )

        # lookup the name of the newly generated file on disk

        os.system("python ../../domato/generator.py --no_of_files 10 --output_dir {}".format(self.fuzz["tmp"]))

        gen_file = os.path.join(self.fuzz["tmp"], os.listdir(self.fuzz["tmp"])[0])
        # create a TestFile from the generated file
        test_file = TestFile.from_file(gen_file, testcase.landing_page)
        # remove generated file now that the data has been added to a test file
        # add test file to the testcase

    def shutdown(self):
        # remove temporary working directory if needed
        if os.path.isdir(self.fuzz["tmp"]):
            shutil.rmtree(self.fuzz["tmp"], ignore_errors=True)

Now, you would found, it can be used correctly for custom fuzzer adapter. As you viewed as beginning. When i try to run this demo, it was caused about 2 days. Also there was another reason. for example. horriable network… So, next step, we should waiting and reading the source code.

上一篇     下一篇