Downloaded 17 times
![Sut section
10/21/16 HACKTIVITY 15
[sut.webkit]
call=fuzzinator.call.SubprocessCall
call.decorate(0)=fuzzinator.call.StreamRegexFilter
call.decorate(1)=fuzzinator.call.SubprocessPropertyDecorator
call.decorate(2)=fuzzinator.call.PlatformInfoDecorator
reduce=fuzzinator.reduce.Picire
[sut.webkit.call]
cwd=${webkit:path}
command=./WebKitBuild/Debug/bin/MiniBrowser {test}
[sut.webkit.call.decorate(0)]
stderr_patterns=["(?P<msg>ASSERTION FAILED: [^n]+)n(?P<file>[^()n]+)", ...]
[sut.webkit.call.decorate(1)]
property=version
command=git rev-parse --short HEAD
cwd=${webkit:path}](https://image.slidesharecdn.com/hacktivity2016-161028163813/85/Fuzzinator-In-bug-we-trust-15-320.jpg)
![Fuzz section
10/21/16 HACKTIVITY 16
[fuzz.generinator_rats_webkit]
sut=sut.webkit
fuzzer=fuzzinator.fuzzer.SubprocessRunner
fuzzer.decorate(0)=fuzzinator.fuzzer.TornadoDecorator
batch=100
[fuzz.generinator_rats_webkit.fuzzer.init]
outdir=${fuzzinator:work_dir}/generinator_rats/{uid}
command=generinator-rats -o ${outdir} -n ${fuzz.generinator_rats_webkit:batch}
[fuzz.generinator_rats_webkit.fuzzer.decorate(0)]
port=8000](https://image.slidesharecdn.com/hacktivity2016-161028163813/85/Fuzzinator-In-bug-we-trust-16-320.jpg)
Uploaded byRenata Hodovan
Fuzzinator - In bug we trust.
The document discusses Fuzzinator, a fuzz testing framework. It provides an overview of why fuzz testing is useful in finding software bugs like crashes and memory issues. It outlines the mandatory components needed for a fuzzing framework, including a software under testing, test generator, transfer mechanism, and monitoring system. It also describes convenience features like reducing test cases and customizing issue reports. The document then details Fuzzinator's architecture and how it is based on customizable and replaceable building blocks for components like calling the software under test, generating tests, and reducing tests. It provides examples of configuring Fuzzinator using initialization files.
![[Wroclaw #4] Fuzzing - underestimated method of finding hidden bugs](https://cdn.slidesharecdn.com/ss_thumbnails/fuzzing4pdfexported-161029144418-thumbnail.jpg?width=640&height=640&fit=bounds)
Fuzzinator - In bug we trust.
- 1. Fuzzinator In bug wetrust. Renata Hodovan Akos Kiss
- 2. outline Why do youwant to have a fuzzer? For a fuzzer framework, what is … must have? … nice to have? What does Fuzzinator have? How can you have more? 10/21/16 HACKTIVITY 2
- 3. Why do youwant to fuzz? 10/21/16 HACKTIVITY 3
- 4. Why do youwant to fuzz? Real issues Crashes Memory corruptions Hangs Assertion failures Unhandled exceptions Reproducible issues Large amount of test cases with little effort 10/21/16 HACKTIVITY 4
- 5. Mandatory components Software UnderTesting Test generator Transfer mechanism Monitoring system 10/21/16 HACKTIVITY 5
- 6. Convenience functionalities Recognize uniqueissues Reduce test cases Customize issue descriptions Report issues Update SUTs regularly Schedule multiple generators / SUTs User friendly UI 10/21/16 HACKTIVITY 6
- 7. fuzzinator General fuzzer framework Extrasupport for browsers Based on building blocks Building blocks are arbitrarily … customizable replaceable Setup from config files 10/21/16 HACKTIVITY 7
- 8. Fuzzinator’s architecture 10/21/16 HACKTIVITY8 Controller Update Job Reduce Job SUT call Fuzz Job ReducerFuzzer ISSUE Updater TEST DB
- 9. Building blocks –sut calls Subprocess call Stream-monitored subprocess call Stdin subprocess call TestRunner subprocess call Python callable 10/21/16 HACKTIVITY 9
- 10. Building blocks –SUT decorators Exit code filter Stream regex filter GDB backtrace decorator Platform info decorator Unique ID decorator Anonymize decorator File writer decorator 10/21/16 HACKTIVITY 10
- 11. Building blocks -fuzzers Fuzzers Random content List directory Subprocess runner AFL runner Python callable Decorator Tornado decorator 10/21/16 HACKTIVITY 11
- 12. Building blocks -reducers Picire (https://github.com/renatahodovan/picire) Parallel Line or character based Picireny (https://github.com/renatahodovan/picireny) Parallel Grammar based 10/21/16 HACKTIVITY 12
- 13. How to configureyour fuzzer? Regular .ini syntax Section types SUT sections Fuzz sections Building block parameter sections Fuzzinator section 10/21/16 HACKTIVITY 13
- 14. Example test generators Randomcontent fuzzinator.fuzzer.RandomContent Generinator:RATS Random Attributes, Tags & Style Generation based fuzzer https://github.com/renatahodovan/generinator-rats 10/21/16 HACKTIVITY 14
- 15. Sut section 10/21/16 HACKTIVITY15 [sut.webkit] call=fuzzinator.call.SubprocessCall call.decorate(0)=fuzzinator.call.StreamRegexFilter call.decorate(1)=fuzzinator.call.SubprocessPropertyDecorator call.decorate(2)=fuzzinator.call.PlatformInfoDecorator reduce=fuzzinator.reduce.Picire [sut.webkit.call] cwd=${webkit:path} command=./WebKitBuild/Debug/bin/MiniBrowser {test} [sut.webkit.call.decorate(0)] stderr_patterns=["(?P<msg>ASSERTION FAILED: [^n]+)n(?P<file>[^()n]+)", ...] [sut.webkit.call.decorate(1)] property=version command=git rev-parse --short HEAD cwd=${webkit:path}
- 16. Fuzz section 10/21/16 HACKTIVITY16 [fuzz.generinator_rats_webkit] sut=sut.webkit fuzzer=fuzzinator.fuzzer.SubprocessRunner fuzzer.decorate(0)=fuzzinator.fuzzer.TornadoDecorator batch=100 [fuzz.generinator_rats_webkit.fuzzer.init] outdir=${fuzzinator:work_dir}/generinator_rats/{uid} command=generinator-rats -o ${outdir} -n ${fuzz.generinator_rats_webkit:batch} [fuzz.generinator_rats_webkit.fuzzer.decorate(0)] port=8000
- 17. Screenshot– main window 10/21/16HACKTIVITY 17
- 18. Screenshot – reportwindow 10/21/16 HACKTIVITY 18
- 19.