Sunday, June 09, 2013

HOWTO : CERT Basic Fuzzing Framework (BFF) on Ubuntu Desktop 12.04 LTS

BFF is a fuzzing framework.

Step 1 :

sudo -sH
mkdir /opt/bff
cd /opt/bff

Step 2 :

sudo -sH
apt-get install python-numpy python-scipy valgrind libtool libcaca0 caca-utils zzuf python-memcache imagemagick

Step 3 :

sudo -sH
mv /usr/bin/strip /usr/bin/strip-original
ln -s /bin/true /usr/bin/strip
ln -s /usr/bin/convert /root/convert

echo "kernel.randomize_va_space=0" >> /etc/sysctl.conf

Reboot your system so that the kernel.randomize_va_space=0 setting (ASLR disabled) takes effect.
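
To confirm after the reboot that the changes from Steps 2 and 3 are in place, the script below can be used. It is an added example, not part of the original post or of BFF. The function names and the root-prefix parameter are hypothetical helpers, and it assumes the Step 2 tools are installed under /usr/bin.

```shell
#!/bin/sh
# Added example: preflight check for the host changes made in Steps 2 and 3.
# Every function takes a root prefix ("" = the live system) so the same
# checks can be exercised against a constructed directory tree.

# Runtime ASLR state; 0 means disabled for the current boot.
aslr_runtime() {
    cat "$1/proc/sys/kernel/randomize_va_space" 2>/dev/null
}

# Last value assigned in sysctl.conf (the last assignment wins at boot).
aslr_configured() {
    sed -n 's/^[[:space:]]*kernel\.randomize_va_space[[:space:]]*=[[:space:]]*\([0-9]*\).*/\1/p' \
        "$1/etc/sysctl.conf" 2>/dev/null | tail -n 1
}

# True when $1 is a symlink whose stored target is exactly $2.
link_is() {
    [ -L "$1" ] && [ "$(readlink "$1")" = "$2" ]
}

# Prints one line per failed check and returns the number of failures.
bff_preflight() {
    root=$1
    fails=0
    note() { echo "FAIL: $1"; fails=$((fails + 1)); }

    [ "$(aslr_runtime "$root")" = 0 ]    || note "ASLR is enabled at runtime (reboot pending?)"
    [ "$(aslr_configured "$root")" = 0 ] || note "sysctl.conf does not end up with randomize_va_space=0"
    link_is "$root/usr/bin/strip" /bin/true || note "/usr/bin/strip is not a symlink to /bin/true"
    [ -e "$root/usr/bin/strip-original" ]   || note "original strip was not preserved as strip-original"
    link_is "$root/root/convert" /usr/bin/convert || note "/root/convert does not point at /usr/bin/convert"
    # Assumption: the Step 2 packages install these tools under /usr/bin.
    for tool in zzuf valgrind convert; do
        [ -x "$root/usr/bin/$tool" ] || note "$tool is missing from /usr/bin"
    done
    return "$fails"
}

# Run against the live system with: sh bff_preflight.sh --run
case "${1:-}" in
    --run) bff_preflight "" ;;
esac
```

Because Step 3 appends to /etc/sysctl.conf with >>, the file can contain more than one randomize_va_space line; the script reports the value of the last one, which is the one applied at boot.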

Step 4 :

To run it (for the examples).

sudo -sH
cd /opt/bff

The results are located in /root/results.

The example seed files are located in /opt/bff/seedfiles/examples. They are .bmp, .gif, .ppm and .psd files only. You can fuzz binary files too.

To quit it.

cd /opt/bff
./ 1

Step 5 (Optional) :


Please read the Download page for details on installing the Debian-based virtual machine fuzzer. BFF runs under the virtual machine (VMware).

ImageMagick Fuzzing Tutorial

Analyzer Scripts Tutorial

Fuzz Testing: Vulnerabilities and Exploit mitigation (PDF)

That's all! See you.