Date post: 13-Aug-2015
Category: Technology
Upload: nu-the-open-security-community
What is it?
Grinder is a system to automate the fuzzing of web browsers and the management of a large number of crashes.
fuzz…fuzzz…fuzzzz
Fuzz testing or fuzzing is a software testing technique, often automated or semi-automated, that involves providing invalid, unexpected, or random data to the inputs of a computer program. The program is then monitored for exceptions such as crashes, or failing built-in code assertions or for finding potential memory leaks.
-Wikipedia
Fuzzer: HTML file with your own logic
Add 'logging.js'
Logging
- start
    logger = null;
    logger = new LOGGER( "grind" );
    logger.starting();
- end
    logger.finished();
    reload
Fuzzer: everything happening in the browser should be logged
    logger.log("document.createElement('div');", "grind", 1);
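The reason for logging every statement shows up when the browser dies mid-run: whatever was logged is all that testcase.rb has to rebuild the HTML from. The sketch below is an added example, not code from the slides or from the Grinder project; it runs under Node with a stand-in LOGGER and a constructed fake DOM, and `fuzz`, `fakeDocument` and `prng` are hypothetical names.

```javascript
// Added example, runs under Node. LOGGER here is a stand-in that mirrors only the
// calls shown on the slides; in Grinder the real one comes from logging.js.
function LOGGER(name) {
  this.name = name; this.entries = []; this.started = false; this.done = false;
  this.starting = function () { this.started = true; };
  this.finished = function () { this.done = true; };
  // Second and third arguments are passed as on the slide; their names are assumed.
  this.log = function (statement, location, count) { this.entries.push(statement); };
}

// Constructed fake DOM: createElement throws on call number crashAt to simulate a crash.
function fakeDocument(crashAt) {
  let calls = 0;
  return { createElement(tag) {
    if (++calls === crashAt) throw new Error("simulated crash");
    return { tag, appendChild(child) { return child; } };
  } };
}

// Seeded generator so the same seed yields the same sequence of operations.
function prng(seed) {
  let s = seed >>> 0;
  return () => (s = (Math.imul(s, 1664525) + 1013904223) >>> 0) / 4294967296;
}

function fuzz(seed, steps, crashAt) {
  const logger = new LOGGER("grind"), document = fakeDocument(crashAt);
  const rand = prng(seed), tags = ["div", "span", "table", "input"], nodes = [];
  logger.starting();
  try {
    for (let i = 0; i < steps; i++) {
      if (nodes.length < 2 || rand() < 0.5) {
        const tag = tags[Math.floor(rand() * tags.length)];
        // Log the statement before running it, so a crash cannot lose it.
        logger.log("id_" + nodes.length + " = document.createElement('" + tag + "');", "grind", 1);
        nodes.push(document.createElement(tag));
      } else {
        const p = Math.floor(rand() * nodes.length), c = Math.floor(rand() * nodes.length);
        logger.log("id_" + p + ".appendChild(id_" + c + ");", "grind", 1);
        nodes[p].appendChild(nodes[c]);
      }
    }
    logger.finished();
  } catch (e) { /* simulated crash: the log stops at the statement that triggered it */ }
  return logger;
}
```

With `crashAt` set to 2 the log ends on the second `createElement` statement and `finished()` is never reached, which is the state a real crash leaves behind.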
Grinder Node config.rb
- configuration file
- used for fuzzing & creating testcases
- name, server url, symbols dir, timeout, local server ip & port
Grinder Node grinder_logger.dll
- get injected into browser process
- responsible for logging the testcase
On a 32-bit Windows system:
Copy '.\grinder\node\data\x86\grinder_logger.dll' to 'c:\windows\system32\'
Grinder Node grinder.rb
- responsible for fuzzing
.\grinder\node>ruby grinder.rb [--config=c:\path\to\alternative\config.rb] [--fuzzer=FUZZER] --browser=BROWSER
Grinder Node testcase.rb
- generates html file from .log file
.\grinder\node>ruby testcase.rb [--config=c:\path\to\CONFIG.RB] --log=c:\path\to\XXXXXXXX.XXXXXXXX.log --save=c:\path\to\XXXXXXXX.XXXXXXXX.html