Step 1 :
sudo -sH
mkdir /opt/bff
cd /opt/bff
wget http://www.cert.org/download/bff/BFF-2.6.zip
unzip BFF-2.6.zip
Step 2 :
sudo -sH
apt-get install python-numpy python-scipy valgrind libtool libcaca0 caca-utils zzuf python-memcache imagemagick
Step 3 :
sudo -sH
mv /usr/bin/strip /usr/bin/strip-original
ln -s /bin/true /usr/bin/strip
ln -s /usr/bin/convert /root/convert
echo "kernel.randomize_va_space=0" >> /etc/sysctl.conf
Reboot your system.
Step 4 :
To run it (with the examples):
sudo -sH
cd /opt/bff
./batch.sh
The results are located at /root/results.
The examples are located at /opt/bff/seedfiles/examples. Those are .bmp, .gif, .ppm and .psd files only. You can fuzz binary files too.
To quit it:
cd /opt/bff
./reset_bff.sh 1
Step 5 (Optional) :
wget http://www.cert.org/download/bff/DebianFuzz-2.6.zip
Please read the Download page for details on installing the Debian-based virtual machine fuzzer. In that setup, BFF runs inside the virtual machine (VMware).
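A pre-flight check for the changes made in Steps 1 to 3, to run after the reboot and before ./batch.sh. It is an added example, not part of BFF or of the original post; the function names and the ROOT prefix argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify the Step 1-3 changes before fuzzing.
# ROOT (assumption of this example) is a path prefix so the checks can be run
# against a test tree; pass "" to check the live system as root.

# check_link LINK TARGET: succeed if LINK is a symlink pointing at TARGET.
check_link() {
    [ -L "$1" ] && [ "$(readlink "$1")" = "$2" ]
}

# aslr_disabled_in FILE: succeed if the last assignment of
# kernel.randomize_va_space in FILE is 0 (later lines override earlier ones).
aslr_disabled_in() {
    [ -f "$1" ] || return 1
    val=$(sed -n 's/^[[:space:]]*kernel\.randomize_va_space[[:space:]]*=[[:space:]]*\([0-9]*\).*/\1/p' "$1" | tail -n 1)
    [ "$val" = "0" ]
}

# check DESC CMD...: run CMD, print ok/FAIL, count failures in $fails.
check() {
    desc=$1; shift
    if "$@"; then echo "ok    $desc"; else echo "FAIL  $desc"; fails=$((fails + 1)); fi
}

# bff_preflight ROOT: one line per check; returns the number of failed checks.
bff_preflight() {
    root=$1; fails=0
    check "BFF unpacked in /opt/bff (Step 1)" test -f "$root/opt/bff/batch.sh"
    check "original strip kept as strip-original" test -e "$root/usr/bin/strip-original"
    check "strip is a symlink to /bin/true" check_link "$root/usr/bin/strip" /bin/true
    check "/root/convert points to /usr/bin/convert" check_link "$root/root/convert" /usr/bin/convert
    check "sysctl.conf sets kernel.randomize_va_space=0" aslr_disabled_in "$root/etc/sysctl.conf"
    # The running kernel only picks the setting up after the reboot (live system only).
    if [ -z "$root" ] && [ -r /proc/sys/kernel/randomize_va_space ]; then
        check "ASLR is off in the running kernel" test "$(cat /proc/sys/kernel/randomize_va_space)" = "0"
    fi
    return "$fails"
}
```

Source the file in the root shell and call `bff_preflight ""`; a non-zero return value is the number of checks that failed. Files under /etc/sysctl.d are not inspected, which is why the live value in /proc is checked as well.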
ImageMagick Fuzzing Tutorial
Analyzer Scripts Tutorial
Fuzz Testing: Vulnerabilities and Exploit mitigation (PDF)
That's all! See you.