Home

BrundleFuzz💣 is a distributed Windows fuzzer. Its core is based on AFL by lcamtuf

Structural Overview

Thousand miles overview:

• Windows clients (Python, C++)
• Linux clients (Python, C++)

Both communicate via RabbitMQ RPC with:

• Linux server (Python, third party stuff)

Modules

Client

• helpers

  • common
  • crash_analysis
  • fileops
  • rpc_client
  • utils

• BrundleFuzzClient.py

Server

• helpers

  • mutations
  • bitmap
  • common
  • cthulhu
  • database
  • fileops
  • queue
  • rpc_server
  • utils

• plugins

• BrundleFuzzServer.py

• BrundleFuzzWeb.py

Third Party Software

Gotchas

A non-exhaustive list of known issues

Getting it

Clone it from here:

$ git clone https://github.com/carlosgprado/BrundleFuzz.git

Installation

BrundleFuzz is written in Python (Core) and C/C++ (the DBI core). The installation is more or less straightforward:

• Clone the project :)

• Move the server directory to the server machine

  • Install the dependencies
  • Install RabbitMQ (simply via apt-get, yum, etc.)
  • Create a dedicated user for the fuzzer (the easiest way is to use rabbitmqctl doc here)

• Move the corresponding client (Windows or Linux) to the client machine

• The core of the clients is the PinTool

  • Right now it is only distributed as a source file "MyPinTool.cpp"
  • I may create a precompiled version in the future, but right now you have to compile it yourself
  • Compiling your own PinTool is kind of a pain so most of the people I know use this little trick:
    • cd to Pin_directory\source\tools\MyPinTool
    • Overwrite the MyPinTool.cpp file with yours
    • Open the project in Visual Studio (I used VS Community 2013, very recommended to use this one)
    • Build the project
      • NOTE: if you get errors complaining about SafeSEH just deactivate it in the linker options.
      • Right click -> Properties -> Configuration Properties -> Linker -> All Options
      • Search for "Image Has Safe Exception Handlers" and set it to "NO (/SAFESEH: NO)"
    • Move the resulting DLL to a directory of your choice (you can rename it as well)

• That should do it.

Dependencies

• Python 2.7.x (grab it here)

  • Recommended Python 2.7.9+ (includes pip)

• Intel PIN 3.0 (download it here)

These Python modules are part of the client's core:

• Winappdbg (pip install winappdbg)
  • This is awesome sauce, check more here
• SQLAlchemy (pip install sqlalchemy)
• Pika (pip install pika)

The following Python modules are needed for the server:

• Pika (pip install pika)

Nice to have (server side):

• PyPNG (pip install pypng)
• Colorama (pip install colorama)

For the web interface (prototype) to work you will need:

• Flask
• Flask-script
• Flask-bootstrap
• Flask-moment
• Flask-wtf
• Flask-sqlalchemy

Running

Once currently installed, running is pretty straightforward.

• Edit the config file, both in server and clients

  • Location of PIN and the corresponding PinTool
  • Location of the victim binary to analyze
  • IP and port of server
  • Credentials on the server

• Run the server for collecting information, crash files and coordinate the mutation process

  • python BrundleFuzzServer.py

• Run the client's core

  • python BrundleFuzzClient.py