grizzly is a cross-platform browser fuzzing framework developed by Mozilla Security, as its introduction says. In this blog post I will show you how to use it to start browser fuzzing. This tutorial was run on my Windows computer.
This is the final state:
So, let's begin.
First, we need to follow these instructions to install grizzly: install grizzly, install the testcase reducer, install Firefox support, download a Firefox build via fuzzfetch, and download prefs.js.
Now you can run it with the no-op adapter, because only one adapter is installed by default, and there is nowhere to find a new one: you must write it yourself. So let's run it first:
But if you want another adapter, what should you do?
Now look at this example. It was created from the wiki, but it is not suitable for Windows, so let's change it.
Download domato (a DOM fuzzer developed by Google Project Zero). In this tutorial I put it two directories above the grizzly working directory, which is the relative path DOMATO_PATH in the script below.
Now we need to modify the script to make it suitable for Windows:
tempfile could not be used on Windows
subprocess failed with WinError xx
Windows path format
environment problems
Also, you need to make sure your fuzz data was generated correctly, so you need a time.sleep().
import os
import random
import shutil
import time

from grizzly.common import Adapter, TestFile

# Path to Domato's generator, relative to the directory grizzly is run from (the layout used in this tutorial)
DOMATO_PATH = "../../domato/generator.py"


class BasicExampleAdapter(Adapter):
    NAME = "basic"

    def setup(self, _):
        self.enable_harness()
        # create directory to temporarily store generated content
        # (the wiki example used tempfile.mkdtemp(prefix="fuzz_gen_"); a directory under the
        # current working directory is used instead because of the Windows problems listed above)
        self.fuzz["tmp"] = "./fuzztest{}".format(random.random())
        os.mkdir(self.fuzz["tmp"])
        # FUZZTOOL can point at a different generator script
        generator = os.environ.get("FUZZTOOL", DOMATO_PATH)
        # command used to call the fuzzer to generate output, one argument per element
        self.fuzz["cmd"] = [
            "python", generator,  # interpreter and script to call
            "--no_of_files", "1",
            "--output_dir", self.fuzz["tmp"],
        ]

    def generate(self, testcase, *_):
        # launch the fuzzer to generate a single file; os.system() is used instead of
        # subprocess because of the WinError described above (paths with spaces would need quoting)
        os.system(" ".join(self.fuzz["cmd"]))
        # give the generator time to write the file to disk
        time.sleep(3)
        # lookup the name of the newly generated file on disk
        gen_file = os.path.join(self.fuzz["tmp"], os.listdir(self.fuzz["tmp"])[0])
        # create a TestFile from the generated file
        test_file = TestFile.from_file(gen_file, testcase.landing_page)
        # remove generated file now that the data has been added to a test file
        os.remove(gen_file)
        # add test file to the testcase
        testcase.add_file(test_file)

    def shutdown(self):
        # remove temporary working directory if needed
        if os.path.isdir(self.fuzz["tmp"]):
            shutil.rmtree(self.fuzz["tmp"], ignore_errors=True)
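As an added example (mine, not from the post or from grizzly), here is the generate step written so it needs neither time.sleep() nor os.system(): the command is a list with the interpreter and the script as separate elements (a single "python script.py" element is what subprocess cannot find), subprocess.run() blocks until the generator exits, and the new file is identified by comparing directory listings rather than taking os.listdir()[0]. The generator used below is a constructed stand-in for Domato so the code runs offline; the function names are my own.

```python
import os
import shutil
import subprocess
import sys
import uuid


def build_generator_cmd(generator, output_dir, count=1):
    # One argument per element. Interpreter and script must be separate elements:
    # a single "python script.py" element is looked up as one executable name and
    # raises FileNotFoundError (reported as WinError 2 on Windows).
    return [sys.executable, generator, "--no_of_files", str(count), "--output_dir", output_dir]


def generate_one(cmd, output_dir, timeout=60):
    # subprocess.run() returns only after the generator exits, so no time.sleep()
    # is needed; the listing difference identifies exactly what this run wrote
    # instead of trusting os.listdir()[0].
    before = set(os.listdir(output_dir))
    subprocess.run(cmd, check=True, timeout=timeout)
    created = sorted(set(os.listdir(output_dir)) - before)
    if len(created) != 1:
        raise RuntimeError("expected exactly one generated file, got %r" % created)
    return os.path.join(output_dir, created[0])


# Constructed stand-in for Domato so the example runs offline: it accepts the same
# two options the adapter passes and writes N HTML files into --output_dir.
FAKE_GENERATOR = """import os, sys
args = dict(zip(sys.argv[1::2], sys.argv[2::2]))
for i in range(int(args["--no_of_files"])):
    with open(os.path.join(args["--output_dir"], "fuzz-%d.html" % i), "w") as fd:
        fd.write("<html><body>case %d</body></html>" % i)
"""


def demo(count=1):
    # Scratch directory under the current directory, as the adapter does; removed afterwards.
    work = "./fuzz_gen_{}".format(uuid.uuid4().hex[:8])
    out_dir = os.path.join(work, "out")
    os.makedirs(out_dir)
    try:
        script = os.path.join(work, "fake_generator.py")
        with open(script, "w") as fd:
            fd.write(FAKE_GENERATOR)
        path = generate_one(build_generator_cmd(script, out_dir, count), out_dir)
        with open(path) as fd:
            return os.path.basename(path), fd.read()
    finally:
        shutil.rmtree(work, ignore_errors=True)
```

Asking the stand-in for more than one file makes generate_one() raise, which is the case the adapter's os.listdir()[0] silently mishandles.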
Now you will find that it works correctly as a custom fuzzer adapter, as you saw at the beginning. When I tried to run this demo it took about 2 days; there were other reasons for that too, for example a horrible network... So the next step is to wait and read the source code.