The easiest way to get BFF up and running is to use the DebianFuzz
virtual machine. However, if this is not an option for you, it should
possible to run BFF on any UNIX-like operating system, as long as the
dependencies are met.
| Table of Contents |
|---|
...
In order to build zzuf and the other BFF dependencies, the following
packages may be required:
...
For additional analysis tools that can be used during or after a
fuzzing campaign, the following packages are required:
...
DebianFuzz has several optimizations that improve fuzzing performance.
If using your own operating system, you may wish to make the following
changes:
- The Fluxbox window manager is used instead of the heavy Gnome or KDE desktop environments.
Fluxbox is configured to not raise or focus new windows. This can help in situations where you may need to interact with the guest OS while a GUI application is being fuzzed.
Memory randomization is disabled (kernel.randomize_va_space = 0 in
/etc/sysctl.conf). This helps remove duplicate crashes where the target application does not have debug symbols.VMware Tools is installed, which allows the guest OS to share a directory with the host.
- The OS is configured to automatically log in and start X.
- sudo is configured to not prompt for a password.
strip is symlinked to /bin/true, which prevents symbols from being removed when an application is built.
...
To install BFF on a Fedora 16 32-bit system, for example, the following steps
can be performed:
1) Install dependencies present in the package system:
...
a) Disable Memory Randomization:
add "kernel.randomize_va_space=0" to /etc/sysctl.conf
(reboot after this change)
b) Symlink strip to true (to preserve symbols during builds)
sudo mv /usr/bin/strip /usr/bin/strip.bak
sudo ln -s /bin/true /usr/bin/strip
c) Use Fluxbox Window Manager instead of Metacitysudo yum install fluxbox
(Log out)
(Log in, selecting Fluxbox from drop-down selection)
(Right-click desktop, select "Run")
(Type in "fluxbox-generate_menu")
(Right-click desktop -> Fluxbox Menu -> Configure -> Focus model)
(Cick the following options and ensure they are not selected to disable them:)
(Auto Raise)
(Focus New Windows)
...
To install BFF on an Ubuntu 11.10 32-bit system, for example, the following steps
can be performed:
1) Install dependencies present in the package system:
sudo apt-get install python-numpy python-scipy python-yaml valgrind subversion automake libtool build-essential libncurses5-dev
2) Install libcaca, which is a dependency for building zzuf:
...
a) Disable Memory Randomization:
add "kernel.randomize_va_space=0" to /etc/sysctl.conf
(reboot after this change)
b) Symlink strip to true (to preserve symbols during builds)
sudo mv /usr/bin/strip /usr/bin/strip.bak
sudo ln -s /bin/true /usr/bin/strip
c) Use Fluxbox Window Manager instead of Metacitysudo apt-get install fluxbox
(Log out)
(Log in, selecting Fluxbox from drop-down selection (Gear symbol) )
(Right-click desktop -> Fluxbox Menu -> Configure -> Focus model)
(Cick the following options and ensure they are not selected to disable them:)
(Focus New Windows)
(Auto Raise)
...