grizzly is a cross-platform browser fuzzing framework, as its introduction says. It was developed by Mozilla Security. In this blog, I will show you how to use it to start browser fuzzing. This tutorial was run on my
This is the final status:
So, let's begin.
First, we need to follow these instructions to install
- install grizzly
git clone https://github.com/MozillaSecurity/grizzly.git
- install testcase reducer
git clone https://github.com/MozillaSecurity/lithium.git
python -m pip install -e lithium --user
- install firefox support
git clone https://github.com/MozillaSecurity/ffpuppet.git
python -m pip install -e ffpuppet --user
- download firefox build via fuzzfetch
git clone https://github.com/MozillaSecurity/fuzzfetch.git
python -m pip install -e fuzzfetch --user
python -m fuzzfetch -a -n firefox --fuzzing -o browsers/
wget -O ./browsers/prefs.js https://raw.githubusercontent.com/MozillaSecurity/fuzzdata/master/settings/firefox/prefs-default-e10s.js
Now you can run it with
the no-op adapter, because it is the only adapter installed by default. There are no others to choose from; you must write one yourself. So we can run it first:
But what should you do if you want another adapter?
Now look at this example. It was created from the wiki, but it is not suitable for Windows, so let's change it.
- download domato (a DOM fuzzer developed by Google Project Zero)
git clone --depth=1 https://github.com/googleprojectzero/domato
In this tutorial, I put it in this place:
Now we need to modify the script to make it suitable for Windows.
- tempfile cannot be used on Windows
- Windows path format
- environment problem
Also, you need to make sure your fuzz data was generated correctly, so you need a time sleep.
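One way to handle the three Windows issues listed above and replace the fixed sleep with a bounded wait. This is an added example, not the wiki adapter or grizzly's own code: `generate_testcase` and `STAND_IN_GENERATOR` are hypothetical names, and it assumes the generator takes its output file as the last argument and that the tempfile problem is an open temporary file the child process cannot reopen.

```python
import os
import shutil
import subprocess
import sys
import tempfile

# Constructed stand-in for a generator script: writes a tiny page to the path
# given as its last argument. Replace it with your own domato invocation.
STAND_IN_GENERATOR = [
    sys.executable, "-c",
    "import sys; open(sys.argv[-1], 'w').write('<html></html>')",
]


def generate_testcase(gen_cmd, timeout=60):
    """Run gen_cmd with an output path appended and return the file's bytes.

    Assumption: the generator takes the output file as its last argument.
    """
    # A private directory instead of an open NamedTemporaryFile: on Windows a
    # temporary file held open by this process cannot be reopened by the child.
    work_dir = tempfile.mkdtemp(prefix="fuzz_gen_")
    # os.path.join picks the right separator; no hard-coded "/" or "\\".
    out_path = os.path.join(work_dir, "test.html")
    try:
        # An argv list (no shell) avoids quoting problems with Windows paths.
        # run() blocks until the generator exits, bounded by timeout, so the
        # data is complete when we read it and no fixed sleep is needed.
        subprocess.run(gen_cmd + [out_path], check=True, timeout=timeout,
                       env=os.environ.copy())
        if not os.path.isfile(out_path) or os.path.getsize(out_path) == 0:
            raise RuntimeError("generator exited but produced no test data")
        with open(out_path, "rb") as handle:
            return handle.read()
    finally:
        # Always remove the work directory so long runs do not fill the disk.
        shutil.rmtree(work_dir, ignore_errors=True)


if __name__ == "__main__":
    print(generate_testcase(STAND_IN_GENERATOR))
```

Using `sys.executable` in the command runs the generator under the same interpreter as the adapter, instead of relying on whichever `python` is on PATH.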
Now you will find that it works correctly as a custom fuzzer adapter, as you saw at the beginning. When I tried to run this demo, it cost about 2 days. There were also other reasons, for example, a horrible network… So, as the next step, we should wait and read the source code.