
CERT Basic Fuzzing Framework (BFF)
Significant changes

BFF 2.7 (September 23, 2013)
  * Virtual Machine changes:
    - Switch to Ubuntu from Debian
    
  * Code changes:
    - Use of PIN to uniquely identify crashes that trash the stack
    - Optional feature to recycle crashing test cases as seed files
    - Minimization to string defaults to Metasploit string

BFF 2.6 (October 19, 2012)

  * Code changes:
    - Incorporated CERT Triage Tools 1.04 to determine exploitability of 
      crashes found.
    - Integrated code improvements from FOE 2.0 release
    - BFF 2.6 and FOE 2.0.1 use the same certfuzz package
    - Improved fuzzing campaign recovery after VM reboot
    - Detect and abort minimization if it takes too long (> 1hr)
    - Fixed a bug in minimizer crash recycling
    - Various bug fixes and improved error handling

BFF 2.5 (October 26, 2011)

  * Virtual Machine changes:
    - Upgraded to python 2.7
    - Upgraded to gdb 7.2

  * Code changes:
    - BFF now runs on OSX in addition to Linux
    - Support for multiple seed files
    - Crashes found during minimization get analyzed as well
    - Improved machine learning implementation applied to both
      seed file selection and rangefinder
    - Improved crash uniqueness determination on Linux
    - Minimizer tuned for performance
    - callgrind generated on unique crashers for code coverage analysis
    - default gdb output changed to provide additional details
    - Basic crash clustering (analysis/callsim.py) using callgrind coverage analysis
    - Optional minimization-to-string feature

BFF 2.0 (February 14, 2011)

  * Virtual Machine changes:
    - Added python libraries: Numpy, Scipy, Matplotlib

  * Code changes:
    - Ported BFF from Perl to Python
    - Complete rewrite of crasher minimization using probability-based
      algorithm
    - Added 'rangefinder' capability to automatically discover optimal
      fuzzing probability range(s)
    - Restructured output directory (./crashers), now organized
      by crash hash
    - Added analyzer scripts for visualization & fuzz run analysis

BFF 1.1 (September 21, 2010)

  * Virtual Machine changes:
    - Updated to Debian Squeeze for newer libraries.
    - Installed generic vesa video driver for increased VM compatibility.
    - Fixed strip symlink to /bin/true .

  * Code changes:
    - Forcibly kill gdb
    - Removed unused tty information
    - Updated to save SIGABRT crashes, discarding those caused by failed
      asserts. Failed asserts can be saved through a config option.
    - Refactored perl script for increased performance and usability.
    - Added crasher minimization script

BFF 1.0 (May 17, 2010)

  * Initial Release