Changelog BFuzzer v2.1:
+ fixed abnormal behavior of the server module under IE9
BFuzzer is a simple Python framework for discovering (mining) browser memory corruption vulnerabilities, intended to help developers get started with browser fuzzing.
Supported platforms and dependencies:
+ 32-bit Windows systems, IE8/9/10/11
+ Python 2, plus the pydbg library (installed separately)
The basic design of BFuzzer:
BFuzzer consists of two main components: server and monitor.
server acts as a simple web server:
– provides the browser with the current or the next sample
– samples are generated by the user according to a fuzz strategy / algorithm
moniter (the monitor module) is responsible for controlling browser behavior:
– start / restart / shut down the browser
– call the crasher module to hook the browser's exception handling and record the important information
– initiate the browser's requests
The monitor starts the browser, hooks the browser's exception handling, and forces the browser to visit http://host:port/init. init is the initialization page; its content is simple, consisting only of
<meta http-equiv="refresh" content="3; url=http://host:port/next" />
which makes the browser request the real sample three seconds later: http://host:port/next.
Samples are generated by the user's fuzz strategy / algorithm and made available to the server; when the server receives a request such as http://host:port/next it fetches the next sample to be tested and returns it to the browser. Regardless of the specific content of a sample, every sample page contains:
<meta http-equiv="refresh" content="30; url=http://host:port/next/long" />
window.location.href = 'http://host:port/next';
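As an added illustration (not the project's own server.py), here is a minimal Python 3 sketch of the server side of the scheme described above: it serves the init page, wraps each sample with the 30-second refresh fallback and the script navigation, and hands out samples from a user-supplied generator. The host and port, the toy generator, the use of http.server (Python 3 rather than the project's Python 2), and the reading of /next/long as "the previous sample hung" are assumptions.

```python
import http.server
import itertools
HOST, PORT = "127.0.0.1", 8080  # constructed values: where the browser is pointed

def init_page(host, port):
    """The /init page: a 3-second meta refresh that sends the browser to /next."""
    return ('<html><head><meta http-equiv="refresh" content="3; url=http://%s:%d/next" />'
            '</head><body>init</body></html>' % (host, port))

def wrap_sample(host, port, sample_body):
    """Wrap a sample: 30-second fallback to /next/long, then script navigation to /next."""
    return ('<html><head><meta http-equiv="refresh" content="30; url=http://%s:%d/next/long" />'
            '</head><body>%s<script>window.location.href = "http://%s:%d/next";</script>'
            '</body></html>' % (host, port, sample_body, host, port))

class SampleQueue(object):
    """Hands out samples in order; the generator is the user's fuzz strategy."""
    def __init__(self, generator):
        self._gen = generator
        self.current = None  # the sample last served, for crash/hang bookkeeping
    def next_sample(self):
        self.current = next(self._gen)
        return self.current

def toy_generator():
    """Constructed stand-in for a real fuzz algorithm: numbered dummy pages."""
    for i in itertools.count():
        yield '<div id="t%d">sample %d</div>' % (i, i)

QUEUE = SampleQueue(toy_generator())
def route(path, host=HOST, port=PORT, queue=QUEUE):
    """Map a request path to (status, page body) for the browser."""
    if path == "/init":
        return 200, init_page(host, port)
    if path in ("/next", "/next/long"):
        if path == "/next/long":
            # Assumption: the 30-second fallback fired, so the previous sample never navigated on its own.
            print("previous sample hung: %r" % queue.current)
        return 200, wrap_sample(host, port, queue.next_sample())
    return 404, "not found"

class Handler(http.server.BaseHTTPRequestHandler):
    def do_GET(self):
        status, body = route(self.path)
        self.send_response(status)
        self.send_header("Content-Type", "text/html")
        self.end_headers()
        self.wfile.write(body.encode("utf-8"))

if __name__ == "__main__":
    http.server.HTTPServer((HOST, PORT), Handler).serve_forever()
```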
Download and install Python 2 (I use Python 2.7.8);
Download and install the pydbg library;
Download the BFuzzer archive and decompress it.
Understand the basic principles of BFuzzer;
Run server.py: python server.py
Run moniter.py: python moniter.py
1. Turn off the browser's crash auto-recovery feature and allow scripts to run in local files;
2. Before running, turn off just-in-time debugging: on 32-bit Windows set the Auto value of the registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug] to 0; on 64-bit Windows set the Auto value of [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AeDebug] to 0
3. Disable the MS14-037 delayed-free mechanism to increase the hit rate: set the iexplore.exe value of the registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MEMPROTECT_MODE] to 0
Download: Master.zip | or git clone
Source: https://github.com/hikerell