BFuzzer v-2.1 released: A Browser Fuzzer for Vulnerability Researchers.

Changelog BFuzzer v-2.1:
+ Fixed the server module's abnormal behavior in IE9

BFuzzer is a simple framework, written in Python, that helps developers hunt for browser memory corruption vulnerabilities.

Supported operating platforms and dependencies:
+ 32-bit Windows systems, IE8/9/10/11
+ Python 2, with the pydbg library installed in addition

The basic scheme of BFuzzer:
BFuzzer consists of two main components: server and monitor.

server acts as a simple web server:
– Provides the browser with the current or the next sample
– The samples it serves are generated by the user according to a fuzz strategy / algorithm

monitor is responsible for controlling browser behavior:
– Start / restart / shut down the browser
– Call the crasher module to hook the browser's exception handling and record important information
– Initialize the browser's requests

Operating principle:
The monitor starts the browser, hooks the browser's exception handling, and forces the browser to visit http://host:port/init. init represents the initialization page; the page content is simple, namely by including

Samples are produced by the fuzz generation algorithm according to the chosen strategy and made available to the server. When the server receives a request such as http://host:port/next, it takes the next sample to be tested and returns it to the browser. Without considering the specific content of the sample contents:
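The /init and /next exchange described above, as an added example that is not BFuzzer's own code: a minimal Python 3 standard-library server that hands out samples in order and remembers the index of the last one served, so a crash record can be tied to a sample. The init page body, the 204 reply when samples run out, the loopback port 8080 and the names SampleFeed, route and DEMO_SAMPLES are assumptions; the samples are constructed placeholders.

```python
# Added example: not BFuzzer source. Python 3 standard library only.
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumption: the init page simply navigates the browser to /next.
INIT_PAGE = b"<html><body><script>location.href='/next';</script></body></html>"

class SampleFeed:
    """Hands out samples in order and remembers which one was served last."""
    def __init__(self, samples):
        self._samples = list(samples)
        self._lock = threading.Lock()
        self.last_served = None          # index of the sample now in the browser

    def route(self, path):
        """Map a request path to (status, body) for the /init and /next endpoints."""
        if path == "/init":
            return 200, INIT_PAGE
        if path == "/next":
            with self._lock:
                nxt = 0 if self.last_served is None else self.last_served + 1
                if nxt >= len(self._samples):
                    return 204, b""      # queue exhausted: nothing left to test
                self.last_served = nxt
                return 200, self._samples[nxt]
        return 404, b"not found"

def make_handler(feed):
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            status, body = feed.route(self.path.split("?", 1)[0])
            self.send_response(status)
            self.send_header("Content-Type", "text/html")
            self.send_header("Cache-Control", "no-store")  # never replay a cached sample
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        def log_message(self, fmt, *args):
            pass                         # keep the console free for crash records
    return Handler

# Constructed placeholder samples; a real run would serve generated test cases.
DEMO_SAMPLES = [b"<html><body>sample 0</body></html>",
                b"<html><body>sample 1</body></html>"]

if __name__ == "__main__":
    feed = SampleFeed(DEMO_SAMPLES)
    # Bind to loopback only so the sample server is not reachable from the network.
    HTTPServer(("127.0.0.1", 8080), make_handler(feed)).serve_forever()
```

Because last_served only advances when /next is answered with a sample, a monitor that records it at crash time knows which sample the browser was rendering.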

Installation:

Download and install Python 2 (I use Python 2.7.8);
Download and install the pydbg library;
Download the BFuzzer archive and extract it.

Usage:
Understand the basic principles of BFuzzer;
Run python
Run python

Run:
1. Turn off the browser's automatic crash recovery feature, and allow local execution of scripts;
2. Before running, disable just-in-time debugging: on 32-bit Windows, set Auto to 0 under the registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug]; on 64-bit Windows, set Auto to 0 under the registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger];
3. Disable the MS14-037 delayed release mechanism for the target: set iexplore.exe to 0 under the registry key [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MEMPROTECT_MODE].