CarlOS edited this page Sep 12, 2016 · 4 revisions

BrundleFuzz :bomb: is a distributed Windows fuzzer. Its core is based on AFL by lcamtuf.

Structural Overview

Thousand-mile overview:

  • Windows clients (Python, C++)
  • Linux clients (Python, C++)

Both communicate via RabbitMQ RPC with:

  • Linux server (Python, third party stuff)

Modules

  • Client
  • Server
  • Third Party Software

Gotchas

  • A non-exhaustive list of known issues

Getting it

Clone it from here:

$ git clone https://github.com/carlosgprado/BrundleFuzz.git

Installation

BrundleFuzz is written in Python (the fuzzer core) and C/C++ (the DBI PinTool). The installation is more or less straightforward:

  • Clone the project :)

  • Move the server directory to the server machine

    • Install the dependencies
    • Install RabbitMQ (simply via apt-get, yum, etc.)
    • Create a dedicated user for the fuzzer (the easiest way is to use rabbitmqctl; see the RabbitMQ docs)
  • Move the corresponding client (Windows or Linux) to the client machine

  • The core of the clients is the PinTool

    • Right now it is only distributed as a source file "MyPinTool.cpp"
    • I may create a precompiled version in the future, but right now you have to compile it yourself
    • Compiling your own PinTool is kind of a pain, so most of the people I know use this little trick:
      • cd to Pin_directory\source\tools\MyPinTool
      • Overwrite the MyPinTool.cpp file with yours
      • Open the project in Visual Studio (I used VS Community 2013; using this version is highly recommended)
      • Build the project
        • NOTE: if you get errors complaining about SafeSEH, just deactivate it in the linker options:
        • Right click -> Properties -> Configuration Properties -> Linker -> All Options
        • Search for "Image Has Safe Exception Handlers" and set it to "No (/SAFESEH:NO)"
      • Move the resulting DLL to a directory of your choice (you can rename it as well)
  • That should do it.

Dependencies

  • Python 2.7.x (download it from python.org)

    • Recommended Python 2.7.9+ (includes pip)
  • Intel PIN 3.0 (download it from Intel's PIN page)

These Python modules are part of the client's core:

  • Winappdbg (pip install winappdbg)
    • This is awesome sauce; see its project page for more
  • SQLAlchemy (pip install sqlalchemy)
  • Pika (pip install pika)

The following Python modules are needed for the server:

  • Pika (pip install pika)

Nice to have (server side):

  • PyPNG (pip install pypng)
  • Colorama (pip install colorama)

For the web interface (prototype) to work you will need:

  • Flask
  • Flask-script
  • Flask-bootstrap
  • Flask-moment
  • Flask-wtf
  • Flask-sqlalchemy

Running

Once installed, running is pretty straightforward.

  • Edit the config file, both in server and clients

    • Location of PIN and the corresponding PinTool
    • Location of the victim binary to analyze
    • IP and port of server
    • Credentials on the server
  • Run the server, which collects information and crash files and coordinates the mutation process

    • python BrundleFuzzServer.py
  • Run the client's core

    • python BrundleFuzzClient.py
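The four config items above (PIN and PinTool location, victim binary, server IP and port, server credentials) are easy to get wrong in a way that only surfaces once a run is already going. The following is an added example, not BrundleFuzz's own code: it loads an INI-style config and sanity-checks it before the server or client is started. The section and key names (`pin`, `target`, `server`, `pin_path`, ...) and the sample config are assumptions constructed for this example, not the project's real schema, so adapt them to the actual config file. It refuses the RabbitMQ default `guest` account, since the Installation section tells you to create a dedicated user for the fuzzer.

```python
"""Added example (not BrundleFuzz code): load and sanity-check a fuzzer config
before running BrundleFuzzServer.py / BrundleFuzzClient.py.
Section and key names are assumptions; adapt them to the real config file."""
import io
import os

try:
    import configparser                   # Python 3
except ImportError:                       # Python 2.7, which BrundleFuzz targets
    import ConfigParser as configparser   # noqa: N813

# Constructed sample config with an assumed schema (not the project's own).
SAMPLE_CONFIG = u"""
[pin]
pin_path = C:\\pin\\pin.exe
pintool_path = C:\\pin\\MyPinTool.dll

[target]
victim_binary = C:\\targets\\victim.exe

[server]
host = 10.0.0.5
port = 5672
user = brundlefuzz
password = change-me-before-use
"""

# Keys every run needs; they mirror the items listed under "Edit the config file".
REQUIRED = {
    "pin": ("pin_path", "pintool_path"),
    "target": ("victim_binary",),
    "server": ("host", "port", "user", "password"),
}


def parse_config(text):
    """Parse INI text. RawConfigParser does no '%' interpolation, so Windows
    paths and passwords containing '%' are left untouched."""
    cp = configparser.RawConfigParser()
    if hasattr(cp, "read_string"):        # Python 3
        cp.read_string(text)
    else:                                 # Python 2.7
        cp.readfp(io.StringIO(text))
    return cp


def validate(cp, check_paths=False):
    """Return a list of human-readable problems; an empty list means the config
    is usable. check_paths=True also verifies that PIN, the PinTool and the
    victim binary exist on this machine (only meaningful on the client)."""
    problems = []
    for section, keys in REQUIRED.items():
        if not cp.has_section(section):
            problems.append("missing section [%s]" % section)
            continue
        for key in keys:
            if not cp.has_option(section, key) or not cp.get(section, key).strip():
                problems.append("missing or empty %s.%s" % (section, key))
    if problems:
        return problems                   # the checks below assume the keys exist

    # The port must be a real TCP port number.
    try:
        port = int(cp.get("server", "port"))
    except ValueError:
        port = -1
    if not 1 <= port <= 65535:
        problems.append("server.port must be an integer between 1 and 65535")

    # RabbitMQ ships with a guest/guest account; the Installation section says to
    # create a dedicated fuzzer user, so refuse to start with the default one.
    if cp.get("server", "user") == "guest" or cp.get("server", "password") == "guest":
        problems.append("server.user/password still use RabbitMQ's default guest account")

    if check_paths:
        for section, key in (("pin", "pin_path"), ("pin", "pintool_path"),
                             ("target", "victim_binary")):
            path = cp.get(section, key)
            if not os.path.isfile(path):
                problems.append("%s.%s does not exist: %s" % (section, key, path))
    return problems


if __name__ == "__main__":
    for problem in validate(parse_config(SAMPLE_CONFIG), check_paths=True):
        print("config problem: " + problem)
```

Run it as a pre-flight step on each machine; on the server, call `validate` without `check_paths`, since the PIN and victim paths only exist on the clients.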