Wednesday, January 28, 2015

Generate sample fuzz files using Radamsa Fuzzer

Radamsa is a general-purpose data fuzzer. It reads data from the given sample files and outputs modified, usually malformed, data.

The command below takes HTML files as input and generates malformed HTML files without limit (press Ctrl + C to stop generation). Using "-n 100000" instead will generate one lakh malformed HTML files.

$ radamsa -o gen_htmls/test_browser_%n.html -n inf -r ../poc_html_files/*.html -M -

-o      specifies where to write the modified data
%n      represents the test case number
-n      how many outputs to generate based on the sample(s); -1 or inf generates infinite output
-M -    writes metadata about the generated data to the given path; - indicates stdout

"-M -" produces the metadata below for each generated output file:
xp-repeat: 3, xp-dup: 1, xp-insert: 1, xp-swap: 1, muta-num: 1, source: "../poc_html_files/sample1.html", generator: file, nth: 31812, path: "gen_htmls/test_browser_31812.html", output: file-writer, length: 1622, pattern: burst
xp-repeat: 4, xp-dup: 2, xp-insert: 4, fuse-old: 1, muta-num: 4, source: "../poc_html_files/sample2.html", generator: file, nth: 31813, path: "gen_htmls/test_browser_31813.html", output: file-writer, length: 2515, pattern: many-dec
xp-repeat: 1, xp-pump: 1, xp-dup: 1, xp-insert: 5, muta-num: 1, source: "../poc_html_files/sample3.html", generator: file, nth: 31814, path: "gen_htmls/test_browser_31814.html", output: file-writer, length: 14832, pattern: burst
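
When a generated file crashes the browser, the metadata tells you which sample and which mutations produced it. The following is an added example, not part of the original post: a small Python parser for the metadata lines shown above. The function names are hypothetical, and treating every integer field other than nth and length as a mutation counter is an assumption based on the three lines above.

```python
import re

# Metadata lines copied from the "-M -" output shown above.
SAMPLE = """\
xp-repeat: 3, xp-dup: 1, xp-insert: 1, xp-swap: 1, muta-num: 1, source: "../poc_html_files/sample1.html", generator: file, nth: 31812, path: "gen_htmls/test_browser_31812.html", output: file-writer, length: 1622, pattern: burst
xp-repeat: 4, xp-dup: 2, xp-insert: 4, fuse-old: 1, muta-num: 4, source: "../poc_html_files/sample2.html", generator: file, nth: 31813, path: "gen_htmls/test_browser_31813.html", output: file-writer, length: 2515, pattern: many-dec
xp-repeat: 1, xp-pump: 1, xp-dup: 1, xp-insert: 5, muta-num: 1, source: "../poc_html_files/sample3.html", generator: file, nth: 31814, path: "gen_htmls/test_browser_31814.html", output: file-writer, length: 14832, pattern: burst
"""

# One field is "key: value"; a value is a quoted string or a bare token.
FIELD = re.compile(r'([\w-]+):\s*("(?:[^"\\]|\\.)*"|[^,\s]+)')
# Integer fields that describe the output file rather than a mutation.
NOT_MUTATIONS = {"nth", "length"}


def parse_line(line):
    """Turn one metadata line into a dict; bare integers become ints."""
    rec = {}
    for key, val in FIELD.findall(line):
        if val.startswith('"'):
            rec[key] = val[1:-1]          # strip the surrounding quotes
        elif val.isdigit():
            rec[key] = int(val)
        else:
            rec[key] = val
    return rec


def index_by_path(text):
    """Map every generated file path to its metadata record."""
    records = (parse_line(l) for l in text.splitlines() if l.strip())
    return {r["path"]: r for r in records if "path" in r}


def mutations(rec):
    """Assumption: every other integer field is a mutation counter."""
    return {k: v for k, v in rec.items()
            if isinstance(v, int) and k not in NOT_MUTATIONS}


def trace(index, path):
    """Return (seed file, mutation counters) for a generated test case."""
    rec = index[path]
    return rec["source"], mutations(rec)


if __name__ == "__main__":
    idx = index_by_path(SAMPLE)
    print(trace(idx, "gen_htmls/test_browser_31813.html"))
```

To use it on a real run, redirect radamsa's stdout to a file and pass that file's contents to index_by_path.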

$ ls -t |more

$ radamsa -o :8080 -r gen_htmls/

The above command opens port 8080 and binds to all IP addresses if the machine is multihomed.
When a client connects to port 8080, radamsa serves the malicious files.

We can also use NodeFuzz to serve malicious HTML files, but NodeFuzz allows mentioning only one HTML file as part of the configuration. Not sure how to respond back with all malicious files one by one when a client browser connects.
$ node nodefuzz.js

Enjoy Fuzzing!