BrundleFuzz
💣 BrundleFuzz is a distributed Windows fuzzer. Its core is based on AFL by lcamtuf.
Ten-thousand-foot overview:
- Windows clients (Python, C++)
- Linux clients (Python, C++)
Both communicate via RabbitMQ RPC with:
- Linux server (Python, third-party stuff)
Clone it from here:
$ git clone https://github.com/carlosgprado/BrundleFuzz.git
BrundleFuzz is written in Python (the core) and C/C++ (the DBI core, a PinTool). The installation is more or less straightforward:
- Clone the project :)
- Move the server directory to the server machine and install the dependencies:
  - Install RabbitMQ (simply via apt-get, yum, etc.)
  - Create a dedicated user for the fuzzer (the easiest way is to use rabbitmqctl; see the RabbitMQ docs). Since RabbitMQ 3.3 the default guest account can only log in from localhost, so remote clients need this dedicated user anyway; grant it permissions only on the vhost the fuzzer uses.
- Move the corresponding client directory (Windows or Linux) to the client machine.
- The core of the clients is the PinTool:
  - Right now it is only distributed as a source file, "MyPinTool.cpp"
  - I may create a precompiled version in the future, but right now you have to compile it yourself
  - Compiling your own PinTool is kind of a pain, so most of the people I know use this little trick:
    - cd to Pin_directory\source\tools\MyPinTool
    - Overwrite the MyPinTool.cpp file there with the one from this repository
    - Open the project in Visual Studio (I used VS Community 2013; using this one is very recommended)
    - Build the project
    - NOTE: if you get linker errors complaining about SafeSEH, just deactivate it in the linker options:
      - Right click -> Properties -> Configuration Properties -> Linker -> All Options
      - Search for "Image Has Safe Exception Handlers" and set it to "No (/SAFESEH:NO)"
      - This only affects the PinTool DLL itself (the linker omits its table of safe exception handlers); it does not change how the victim binary is built or loaded.
    - Move the resulting DLL to a directory of your choice (you can rename it as well)
- That should do it.
- Python 2.7.x (grab it from python.org; 2.7.9+ is recommended because it ships with pip)
- Intel PIN 3.0 (download it from Intel's Pin page)
These Python modules are part of the client's core:
- Winappdbg (pip install winappdbg) - this is awesome sauce, check out its project page
- SQLAlchemy (pip install sqlalchemy)
- Pika (pip install pika)
The following Python modules are needed for the server:
- Pika (pip install pika)
Nice to have (server side):
- PyPNG (pip install pypng)
- Colorama (pip install colorama)
For the web interface (prototype) to work you will need:
- Flask
- Flask-script
- Flask-bootstrap
- Flask-moment
- Flask-wtf
- Flask-sqlalchemy
Once everything is installed, running is pretty straightforward.
- Edit the config file, both on the server and on the clients:
  - Location of PIN and the corresponding PinTool
  - Location of the victim binary to analyze
  - IP and port of the server
  - Credentials for the server (the dedicated RabbitMQ user created above)
- Run the server, which collects information and crash files and coordinates the mutation process:
  python BrundleFuzzServer.py
- Run the client's core:
  python BrundleFuzzClient.py
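As an added example (not BrundleFuzz's own code or protocol), the client-to-server round trip the overview describes: a client packs one crash into a JSON report and sends it as a RabbitMQ RPC request with pika, and the server validates it, deduplicates by input hash and faulting address, and answers on the client's reply queue. The queue name, the report fields and the dedup policy are assumptions; the broker host, port and credentials are the ones you put in the config file, and the pika 1.x API is assumed.

```python
"""Added example, not BrundleFuzz's own protocol: one crash-report RPC round
trip over RabbitMQ using the pika RPC pattern (pika 1.x API assumed).
Queue name, payload fields and the dedup policy are illustrative choices."""
import base64
import hashlib
import json
import uuid

try:
    import pika  # only needed by serve()/send_report(), not by the pure helpers
except ImportError:
    pika = None

RPC_QUEUE = "brundlefuzz.crash_reports"  # assumed queue name


def build_crash_report(victim, seed_bytes, exception_code, faulting_pc):
    """Client side: pack one crash into a JSON-serializable dict. The input is
    keyed by its SHA-256 so the server can drop duplicates cheaply."""
    return {
        "victim": victim,
        "sha256": hashlib.sha256(seed_bytes).hexdigest(),
        "exception_code": "0x%08x" % exception_code,
        "pc": "0x%x" % faulting_pc,
        "input_b64": base64.b64encode(seed_bytes).decode("ascii"),
    }


def encode_report(report):
    """Wire encoding: UTF-8 JSON bytes."""
    return json.dumps(report).encode("utf-8")


class CrashStore(object):
    """Server side: one entry per (input hash, faulting pc)."""

    def __init__(self):
        self.seen = {}

    def record(self, report):
        """Return True if this crash is new, False if it was already stored."""
        key = (report["sha256"], report["pc"])
        if key in self.seen:
            return False
        self.seen[key] = report
        return True

    def handle_request(self, body):
        """Validate a raw RPC body and return the JSON reply to send back."""
        try:
            report = json.loads(body.decode("utf-8"))
            raw = base64.b64decode(report["input_b64"])
        except (ValueError, KeyError, AttributeError):
            return json.dumps({"status": "rejected", "reason": "malformed report"})
        # Never trust the client's hash: recompute it from the bytes it sent.
        if hashlib.sha256(raw).hexdigest() != report["sha256"]:
            return json.dumps({"status": "rejected", "reason": "hash mismatch"})
        return json.dumps({"status": "stored" if self.record(report) else "duplicate"})


def connect(host, port, user, password):
    """Broker connection with the dedicated fuzzer account from the config file."""
    return pika.BlockingConnection(pika.ConnectionParameters(
        host=host, port=port, virtual_host="/",
        credentials=pika.PlainCredentials(user, password)))


def serve(host, port, user, password):
    """Server: consume reports from RPC_QUEUE and answer on each reply queue."""
    store = CrashStore()
    ch = connect(host, port, user, password).channel()
    ch.queue_declare(queue=RPC_QUEUE)

    def on_request(channel, method, props, body):
        channel.basic_publish(
            exchange="", routing_key=props.reply_to,
            properties=pika.BasicProperties(correlation_id=props.correlation_id),
            body=store.handle_request(body))
        channel.basic_ack(delivery_tag=method.delivery_tag)

    ch.basic_qos(prefetch_count=1)  # one report in flight per worker
    ch.basic_consume(queue=RPC_QUEUE, on_message_callback=on_request)
    ch.start_consuming()


def send_report(host, port, user, password, report):
    """Client: publish one report and block until the matching reply arrives."""
    conn = connect(host, port, user, password)
    ch = conn.channel()
    reply_queue = ch.queue_declare(queue="", exclusive=True).method.queue
    corr_id = str(uuid.uuid4())
    answer = {}

    def on_response(channel, method, props, body):
        if props.correlation_id == corr_id:  # drop replies meant for someone else
            answer["body"] = body

    ch.basic_consume(queue=reply_queue, on_message_callback=on_response, auto_ack=True)
    ch.basic_publish(
        exchange="", routing_key=RPC_QUEUE,
        properties=pika.BasicProperties(reply_to=reply_queue, correlation_id=corr_id),
        body=encode_report(report))
    while "body" not in answer:
        conn.process_data_events(time_limit=1)
    conn.close()
    return json.loads(answer["body"].decode("utf-8"))
```

Run serve() on the Linux server host and call send_report() from a client with the same broker settings. The server recomputes the SHA-256 from the bytes it actually received rather than trusting the client's digest, so a misbehaving client (or anyone holding the broker credentials) cannot get a forged hash stored, and the correlation_id check on the client keeps stray replies on a shared reply queue from being mistaken for its own.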