Vivisect vtrace-based Process Monitor for Boofuzz. Re-introduces the debugger features offered by the legacy PyDbg library, bringing back detailed memory-level crash dumps for Windows (and Linux) fuzzing targets.
- Full-featured Vtrace debugger-based target process monitor thread for Boofuzz
- Windows and Linux fuzzing target OS support
- Both 32-bit (x86) and 64-bit (x86-64) target support
- New runtime options:
- Auto Restart: allows user to define at runtime whether the target process automatically restarts itself after a crash, and if so how long the procmon should wait for it to settle after a crash
- Set Debugger Thread: allows the user to define at runtime which type of debugger thread to use (simple or vtrace)
- Install vivisect on your fuzzing target machine:

```
pip install vivisect
```
Boofuzz from Source
- Replace the original target-based Boofuzz files with these versions:
- boofuzz/process_monitor.py
- boofuzz/boofuzz/utils/crash_binning.py
- boofuzz/boofuzz/utils/process_monitor_pedrpc_server.py
Boofuzz from Pip
- Drop process_monitor.py in the root boofuzz directory and replace the original target-based Boofuzz files with these versions:
- boofuzz/utils/crash_binning.py
- boofuzz/utils/process_monitor_pedrpc_server.py
- Drop debugger_thread_vtrace.py into boofuzz/boofuzz/utils/ on your target machine (boofuzz/utils/ for a pip install)
- Configure the use of the process monitor in your fuzz controller script. Note: if you provide a "proc_name" value, the debugger thread will first attempt to attach to an already-running target instance before trying to spawn a new one; omit it if you always want a freshly spawned target.

```python
from boofuzz import ProcessMonitor

target_IP = "192.168.1.50"  # placeholder: address of the target machine running process_monitor.py
options = {"proc_name": "target.exe", "start_commands": ["C:/target.exe"], "debugger_thread": "vtrace"}
procmon = ProcessMonitor(target_IP, 26002)  # 26002 is the procmon's default listening port
procmon.set_options(**options)
monitors = [procmon]
```

- Run process_monitor.py on the target machine
- Commence fuzzing! If you trigger a crash, the synopsis will be visible in both the web console and your post-mortem crash bins.
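The steps above wired together into one complete controller script. This is an added example, not code from this project: it uses the boofuzz 0.4-era API (`Session`, `Target`, `TCPSocketConnection`, `s_*` primitives) with a hypothetical HTTP-like target listening on TCP port 8080, and the host addresses and command paths are placeholders. The boofuzz imports are deferred into the functions that need them so the option-building helper can be exercised on a machine without boofuzz installed.

```python
"""Boofuzz controller script for the vtrace-based process monitor (added example)."""
import argparse

PROCMON_PORT = 26002  # default port process_monitor.py listens on
DEBUGGER_THREADS = ("simple", "vtrace")  # the two debugger thread types the procmon accepts


def build_procmon_options(start_commands, proc_name=None, debugger_thread="vtrace"):
    """Build the dict passed to ProcessMonitor.set_options().

    proc_name is optional on purpose: when it is set the debugger thread first
    tries to attach to an already-running instance, so leave it out when you
    always want a freshly spawned (and therefore clean-state) target.
    """
    if debugger_thread not in DEBUGGER_THREADS:
        raise ValueError("debugger_thread must be one of %r, got %r" % (DEBUGGER_THREADS, debugger_thread))
    if not start_commands or not all(isinstance(c, str) and c.strip() for c in start_commands):
        raise ValueError("start_commands must be a non-empty list of command strings")
    options = {
        "start_commands": list(start_commands),
        "debugger_thread": debugger_thread,
    }
    if proc_name:
        options["proc_name"] = proc_name
    return options


def build_session(target_host, target_port, procmon_options, procmon_host=None, procmon_port=PROCMON_PORT):
    """Create a boofuzz Session whose Target is watched by the remote procmon.

    The procmon normally runs on the same machine as the target, so it defaults
    to target_host; pass procmon_host if the RPC endpoint lives elsewhere.
    """
    from boofuzz import ProcessMonitor, Session, Target, TCPSocketConnection

    procmon = ProcessMonitor(procmon_host or target_host, procmon_port)
    procmon.set_options(**procmon_options)
    target = Target(
        connection=TCPSocketConnection(target_host, target_port),
        monitors=[procmon],
    )
    return Session(target=target)


def define_protocol():
    """Minimal HTTP-like request (hypothetical target protocol, for illustration)."""
    from boofuzz import s_delim, s_get, s_initialize, s_static, s_string

    s_initialize("Request")
    s_string("GET", name="method")
    s_delim(" ", name="space1")
    s_string("/index.html", name="path")
    s_delim(" ", name="space2")
    s_static("HTTP/1.1\r\n\r\n", name="trailer")
    return s_get("Request")


def main():
    parser = argparse.ArgumentParser(description="Fuzz a target under the vtrace procmon")
    parser.add_argument("--target-host", default="192.168.1.50")  # placeholder address
    parser.add_argument("--target-port", type=int, default=8080)  # placeholder port
    parser.add_argument("--start-command", default="C:/target.exe")  # placeholder path
    parser.add_argument("--proc-name", default=None, help="attach to a running instance first")
    parser.add_argument("--debugger-thread", default="vtrace", choices=DEBUGGER_THREADS)
    args = parser.parse_args()

    options = build_procmon_options([args.start_command], args.proc_name, args.debugger_thread)
    session = build_session(args.target_host, args.target_port, options)
    session.connect(define_protocol())
    session.fuzz()  # crash synopses then show up in the web console and the crash bins


if __name__ == "__main__":
    main()
```

Run it on the fuzz controller after process_monitor.py is up on the target machine; `--proc-name target.exe` reproduces the attach-first behaviour described above, while omitting it makes the procmon spawn the target from `--start-command` every time.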