Wednesday, January 28, 2015

Generate sample fuzz files using Radamsa Fuzzer

Radamsa is a general-purpose data fuzzer: it reads data from the given sample files and outputs modified, usually malformed, data.

The command below takes HTML files as input and generates an infinite stream of malformed HTML files (press Ctrl + C to stop generating files). Using "-n 100000" instead will generate one lakh (100,000) malformed HTML files.

$ radamsa -o gen_htmls/test_browser_%n.html -n inf -r ../poc_html_files/*.html -M -

-o      specifies where to write the modified data
%n      represents the test case number
-n      how many outputs to generate based on the sample(s); -1 or inf generates infinite output
-M -    writes metadata about the generated data to the given path; - indicates stdout

"-M -" produces the following metadata for each generated output file:
xp-repeat: 3, xp-dup: 1, xp-insert: 1, xp-swap: 1, muta-num: 1, source: "../poc_html_files/sample1.html", generator: file, nth: 31812, path: "gen_htmls/test_browser_31812.html", output: file-writer, length: 1622, pattern: burst
xp-repeat: 4, xp-dup: 2, xp-insert: 4, fuse-old: 1, muta-num: 4, source: "../poc_html_files/sample2.html", generator: file, nth: 31813, path: "gen_htmls/test_browser_31813.html", output: file-writer, length: 2515, pattern: many-dec
xp-repeat: 1, xp-pump: 1, xp-dup: 1, xp-insert: 5, muta-num: 1, source: "../poc_html_files/sample3.html", generator: file, nth: 31814, path: "gen_htmls/test_browser_31814.html", output: file-writer, length: 14832, pattern: burst
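
When a generated file later crashes the browser under test, this metadata is what links the file back to its source sample and mutation pattern. The following Python is an added example (not part of the original post or the radamsa project) that parses the metadata lines shown above; treating every key other than the descriptive fields as a mutation counter is an assumption drawn from those sample lines.

```python
import re

# One "key: value" pair; a value is either a double-quoted string or a bare token.
_PAIR = re.compile(r'([\w-]+):\s*("(?:[^"\\]|\\.)*"|[^,]+)')
# Fields that describe the test case; all other keys are treated as mutation
# counters (assumption drawn from the sample lines on this page).
_DESCRIPTIVE = {"source", "generator", "nth", "path", "output", "length", "pattern"}

def parse_meta_line(line):
    """Parse one 'radamsa -M -' metadata line into a dict."""
    record = {"mutations": {}}
    for key, raw in _PAIR.findall(line):
        raw = raw.strip()
        if raw.startswith('"'):
            value = raw[1:-1]          # drop the surrounding quotes
        elif raw.isdigit():
            value = int(raw)
        else:
            value = raw
        if key in _DESCRIPTIVE:
            record[key] = value
        else:
            record["mutations"][key] = value
    return record

def index_by_path(lines):
    """Map each generated file path to its record; skip lines without a path."""
    index = {}
    for line in lines:
        rec = parse_meta_line(line)
        if "path" in rec:
            index[rec["path"]] = rec
    return index

# Metadata lines copied from the output shown above.
SAMPLE_META = [
    'xp-repeat: 3, xp-dup: 1, xp-insert: 1, xp-swap: 1, muta-num: 1, source: "../poc_html_files/sample1.html", generator: file, nth: 31812, path: "gen_htmls/test_browser_31812.html", output: file-writer, length: 1622, pattern: burst',
    'xp-repeat: 4, xp-dup: 2, xp-insert: 4, fuse-old: 1, muta-num: 4, source: "../poc_html_files/sample2.html", generator: file, nth: 31813, path: "gen_htmls/test_browser_31813.html", output: file-writer, length: 2515, pattern: many-dec',
    'xp-repeat: 1, xp-pump: 1, xp-dup: 1, xp-insert: 5, muta-num: 1, source: "../poc_html_files/sample3.html", generator: file, nth: 31814, path: "gen_htmls/test_browser_31814.html", output: file-writer, length: 14832, pattern: burst',
]

if __name__ == "__main__":
    for path, rec in index_by_path(SAMPLE_META).items():
        print(path, "<-", rec["source"], rec["pattern"], rec["mutations"])
```

To use it on a real run, redirect the "-M -" output to a file and pass its lines to index_by_path.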

praveend@praveend-VirtualBox:~/radamsa-0.4/bin/gen_htmls$
$ ls -t |more
test_browser_31816.html
test_browser_31814.html
test_browser_31815.html
test_browser_31813.html
test_browser_31812.html
test_browser_31811.html
test_browser_31810.html
test_browser_31808.html
test_browser_31809.html
test_browser_31807.html
test_browser_31806.html

$ radamsa -o :8080 -r gen_htmls/

The above command opens port 8080 and binds to all IP addresses if the machine is multi-homed.
When a client connects to port 8080, radamsa serves malicious files.

We can also use NodeFuzz to serve malicious HTML files, but NodeFuzz allows only one HTML file to be specified as part of its configuration. Not sure how to respond with all the malicious files one by one when a client browser connects.
$ node nodefuzz.js

Enjoy Fuzzing!