Skip to content
CarlOS edited this page Sep 12, 2016 · 4 revisions

BrundleFuzz:bomb: is a distributed Windows fuzzer. Its core is based on AFL by lcamtuf

Structural Overview

Thousand miles overview:

  • Windows clients (Python, C++)
  • Linux clients (Python, C++)

Both communicate via RabbitMQ RPC with:

  • Linux server (Python, third party stuff)

Modules

Client

Server

Third Party Software

Gotchas

A non-exhaustive list of known issues

Getting it

Clone it from here:

$ git clone https://github.com/carlosgprado/BrundleFuzz.git

Installation

BrundleFuzz is written in Python (Core) and C/C++ (the DBI core). The installation is more or less straightforward:

  • Clone the project :)

  • Move the server directory to the server machine

    • Install the dependencies
    • Install RabbitMQ (simply via apt-get, yum, etc.)
    • Create a dedicated user for the fuzzer (the easiest way is to use rabbitmqctl doc here)
  • Move the corresponding client (Windows or Linux) to the client machine

  • The core of the clients is the PinTool

    • Right now it is only distributed as a source file "MyPinTool.cpp"
    • I may create a precompiled version in the future, but right now you have to compile it yourself
    • Compiling your own PinTool is kind of a pain so most of the people I know use this little trick:
      • cd to Pin_directory\source\tools\MyPinTool
      • Overwrite the MyPinTool.cpp file with yours
      • Open the project in Visual Studio (I used VS Community 2013, very recommended to use this one)
      • Build the project
        • NOTE: if you get errors complaining about SafeSEH just deactivate it in the linker options.
        • Right click -> Properties -> Configuration Properties -> Linker -> All Options
        • Search for "Image Has Safe Exception Handlers" and set it to "NO (/SAFESEH: NO)"
      • Move the resulting DLL to a directory of your choice (you can rename it as well)
  • That should do it.

Dependencies

  • Python 2.7.x (grab it here)

    • Recommended Python 2.7.9+ (includes pip)
  • Intel PIN 3.0 (download it here)

These Python modules are part of the client's core:

  • Winappdbg (pip install winappdbg)
    • This is awesome sauce, check more here
  • SQLAlchemy (pip install sqlalchemy)
  • Pika (pip install pika)

The following Python modules are needed for the server:

  • Pika (pip install pika)

Nice to have (server side):

  • PyPNG (pip install pypng)
  • Colorama (pip install colorama)

For the web interface (prototype) to work you will need:

  • Flask
  • Flask-script
  • Flask-bootstrap
  • Flask-moment
  • Flask-wtf
  • Flask-sqlalchemy

Running

Once currently installed, running is pretty straightforward.

  • Edit the config file, both in server and clients

    • Location of PIN and the corresponding PinTool
    • Location of the victim binary to analyze
    • IP and port of server
    • Credentials on the server
  • Run the server for collecting information, crash files and coordinate the mutation process

    • python BrundleFuzzServer.py
  • Run the client's core

    • python BrundleFuzzClient.py
You can’t perform that action at this time.