ADBFuzz – Fuzzing Harness for Firefox Mobile on Android
* The mozdevice module:
Tested with at
but changes are regularly merged to main.
* A working Android Development environment (in particular ADB)
* Either a rooted Android device running Fennec (Firefox Mobile) with the crash reporter enabled, or
* a non-rooted Android device running your own debuggable Firefox Mobile build (see the end of this document) with the crash reporter enabled.
* A network connection between your host machine and the Android device, e.g. a common LAN/WLAN.
* A Firefox profile on the device with the settings shown in the misc/prefs.js file. You can simply copy this file into the profile directory while Firefox is not running. (DON’T use your everyday profile for this!)
* The em-websocket-proxy script (gem install em-websocket-proxy).
=== Configuring the Sample Fuzzer ===
Open the file helloworld.cfg, adjust localHost to match your host’s LAN IP address. If you are attempting to use ADB over TCP/IP, rather than over a USB connection, also set the remoteHost variable appropriately.
=== Starting the Sample Fuzzer ===
Start the fuzzer with the following command:
python adbfuzz.py helloworld.cfg run
You’ll see all sorts of debug messages, but if everything goes right, you should see Fennec pop up on the device and try to contact the host to load the fuzzing code.
The sample fuzzer included is just a little demo that makes a pink square div bounce around using random CSS transformations. It’s unlikely that this alone will find bugs, but I think it’s a good demonstration of what you can do.
=== Reproducing crashes ===
The sample fuzzer sends every command it executes over the websocket. Once the harness detects a crash, it copies the log files (websocket + syslog) and stores them together with the crash dump. To replay the crash, extract the executed commands from the log and replace the “start();” call at the end of the fuzzer file with those commands.
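As an added example (not part of ADBFuzz itself), a small Python helper that pulls the recorded commands out of the websocket log and splices them in place of the final start(); call. The log line layout and the cmd: prefix are assumptions, since the harness’s exact log format isn’t documented here.

```python
import re
import sys
from pathlib import Path

# Constructed sample of a websocket log; the real format is not documented
# here, so this layout (timestamp, direction, "cmd:" prefix) is an assumption.
SAMPLE_LOG = """\
2013-01-01 12:00:00 ws recv: hello
2013-01-01 12:00:01 ws send: cmd:setTransform('rotate(33deg)');
2013-01-01 12:00:02 ws send: cmd:setTransform('scale(1.4)');
2013-01-01 12:00:02 syslog: I/GeckoDump( 1234): bounce
2013-01-01 12:00:03 ws send: cmd:setTransform('translate(12px,99px)');
"""

# Only lines the fuzzer sent as commands matter; syslog and other traffic is noise.
CMD_RE = re.compile(r"ws send: cmd:(.*)$")


def extract_commands(log_text: str) -> list[str]:
    """Return the JS commands the fuzzer executed, in the order they were sent."""
    return [m.group(1).strip()
            for line in log_text.splitlines()
            if (m := CMD_RE.search(line))]


def build_replay(fuzzer_src: str, commands: list[str]) -> str:
    """Return the fuzzer source with its trailing start(); replaced by the commands.

    Only the last start(); occurrence is replaced, so the start() function
    definition itself is left untouched.
    """
    head, sep, tail = fuzzer_src.rpartition("start();")
    if not sep:
        raise ValueError("fuzzer source contains no start(); call to replace")
    replay = "// replayed from websocket log\n" + "\n".join(commands)
    return head + replay + tail


if __name__ == "__main__":
    # Usage: replay.py <websocket.log> <fuzzer.js>  (writes the replay script to stdout)
    log_path, fuzzer_path = sys.argv[1:3]
    cmds = extract_commands(Path(log_path).read_text())
    sys.stdout.write(build_replay(Path(fuzzer_path).read_text(), cmds))
```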
=== Advanced: Creating a debuggable Firefox build for use with non-rooted devices ===
The harness supports running on non-rooted devices, provided that the “run-as” functionality is working. Using “run-as” requires the installed target package to be marked in a special way (“debuggable”), because it allows other apps to access that application’s data, which would otherwise be a security problem. To build your own debuggable Fennec package, perform the following steps:
1. Get a working build environment for Fennec:
2. Modify the file mobile/android/base/AndroidManifest.xml.in:
In that file, search for “debuggable”; you will find a conditional that sets it to true or false depending on MOZILLA_OFFICIAL. Make sure it is always true.
3. Use the following .mozconfig to build (make -f client.mk && make -C objdir-droid package):
# Add the correct paths here
# android options
# 32 bit
4. Install the resulting package in objdir-droid/dist/ to your device.
5. Verify it’s running, using “adb shell run-as org.mozilla.fennec_yourusername ls”.