The easiest way to get BFF up and running is to use the UbuFuzz virtual machine. However, if this is not an option for you, it should possible to run BFF on any UNIX-like operating system, as long as the dependencies are met.
| Table of Contents |
|---|
Dependencies
For basic fuzzing functionality, the following packages are required:
...
- Python hcluster
- Python matplotlib
Filesystem layout
By default, BFF will use the following filesystem locations:
For the location of the scripts (including bff.py):~/bff
For the results:~/results
The default fuzzing target of ImageMagick:~/convert
All of these locations can be symlinks.
Beginning a fuzzing campaign
Simply run ~/bff/batch.sh to start fuzzing.
Tuning the operating system
UbuFuzz has several optimizations that improve fuzzing performance. If using your own operating system, you may wish to make the following changes:
- The Fluxbox window manager is used instead of the heavy Gnome or KDE desktop environments.
Fluxbox is configured to not raise or focus new windows. This can help in situations where you may need to interact with the guest OS while a GUI application is being fuzzed.
Memory randomization is disabled (kernel.randomize_va_space = 0 in
/etc/sysctl.conf). This helps remove duplicate crashes where the target application does not have debug symbols.VMware Tools is installed, which allows the guest OS to share a directory with the host.
- The OS is configured to automatically log in and start X.
- sudo is configured to not prompt for a password.
strip is symlinked to /bin/true, which prevents symbols from being removed when an application is built.
Example installation on Fedora 16 32-bit
To install BFF on a Fedora 16 32-bit system, for example, the following steps can be performed:
1) Install dependencies present in the package system:
...
7) Start fuzzing
~/bff/batch.sh
System Performance Configurations for Fedora
a) Disable Memory Randomization:
add "kernel.randomize_va_space=0" to /etc/sysctl.conf
(reboot after this change)
b) Symlink strip to true (to preserve symbols during builds)
...
c) Use Fluxbox Window Manager instead of Metacitysudo yum install fluxbox
(Log out)
(Log in, selecting Fluxbox from drop-down selection)
(Right-click desktop, select "Run")
(Type in "fluxbox-generate_menu")
(Right-click desktop -> Fluxbox Menu -> Configure -> Focus model)
(Cick the following options and ensure they are not selected to disable them:)
(Auto Raise)
(Focus New Windows)
Example installation on Ubuntu 11.10 32-bit
To install BFF on an Ubuntu 11.10 32-bit system, for example, the following steps
can be performed:
1) Install dependencies present in the package system:
...
7) Start fuzzing
~/bff/batch.sh
System Performance Configurations for Ubuntu
a) Disable Memory Randomization:
add "kernel.randomize_va_space=0" to /etc/sysctl.conf
(reboot after this change)
b) Symlink strip to true (to preserve symbols during builds)
...
c) Use Fluxbox Window Manager instead of Metacitysudo apt-get install fluxbox
(Log out)
(Log in, selecting Fluxbox from drop-down selection (Gear symbol) )
(Right-click desktop -> Fluxbox Menu -> Configure -> Focus model)
(Cick the following options and ensure they are not selected to disable them:)
(Focus New Windows)
(Auto Raise)
Example installation on openSUSE 12 32-bit
To install BFF on an openSUSE 12 32-bit system, for example, the following steps
can be performed:
1) Install dependencies present in the package system:
...
7) Start fuzzing
~/bff/batch.sh
System Performance Configurations for Fedora
a) Disable Memory Randomization:
add "kernel.randomize_va_space=0" to "/etc/sysctl.conf"
(reboot after this change)
b) Symlink strip to true (to preserve symbols during builds)
...