
Grinder talk

Date post: 13-Aug-2015
Upload: nu-the-open-security-community

Grinder

AMol NAik

This talk is NOT about …

But this …

What is it ?

Grinder is a system to automate the fuzzing of web browsers and the management of a large number of crashes.

fuzz…fuzzz…fuzzzz

Fuzz testing or fuzzing is a software testing technique, often automated or semi-automated, that involves providing invalid, unexpected, or random data to the inputs of a computer program. The program is then monitored for exceptions such as crashes, or failing built-in code assertions or for finding potential memory leaks.

-Wikipedia

Way Ahead …

Server

Fuzzer

Node

Grinder Server

Fuzzer: HTML file with your own logic !!!

Add ‘logging.js’

Logging

- start

logger = null;
logger = new LOGGER( "grind" );
logger.starting();

- end

logger.finished();
reload

Fuzzer: Everything happening in browser should be logged !!!

logger.log("document.createElement('div');", "grind", 1);
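
The log-then-execute pattern behind this slide, as an added example that is not from the talk or from Grinder's own code. `LOGGER` and `makeDocument` here are constructed stand-ins (a real fuzzer gets `LOGGER` from logging.js and uses the browser's `document`), and `makeRng`, `logAndRun`, `fuzz` and `replay` are hypothetical helper names.

```javascript
// Constructed stand-in for the LOGGER that Grinder's logging.js provides.
// Models only the calls shown on the slides; lines are kept in memory.
class LOGGER {
  constructor(name) { this.name = name; this.lines = []; }
  starting() { this.lines = []; }
  log(code, location, count) { this.lines.push(code); } // 2nd/3rd args as on the slide
  finished() { this.done = true; }
}

// Constructed minimal DOM so the example runs outside a browser.
function makeDocument() {
  const created = [];
  const createElement = (tag) => {
    const el = { tag, children: [], appendChild(c) { this.children.push(c); return c; } };
    created.push(el);
    return el;
  };
  return { created, createElement };
}
function makeRng(seed) { // seeded LCG: the same seed gives the same run
  let s = seed >>> 0;
  return (n) => { s = (Math.imul(s, 1664525) + 1013904223) >>> 0; return (s >>> 16) % n; };
}

// Log first, then run that same string: after a crash the last logged line is the culprit.
function logAndRun(logger, env, code) {
  logger.log(code, "grind", 1);
  new Function("document", "v", code)(env.document, env.v);
}

function fuzz(seed, steps) {
  const logger = new LOGGER("grind");
  const env = { document: makeDocument(), v: [] };
  const rnd = makeRng(seed), tags = ["div", "span", "table", "iframe"];
  logger.starting();
  logAndRun(logger, env, "v[0] = document.createElement('div');");
  for (let i = 1; i <= steps; i++) {
    const make = `document.createElement('${tags[rnd(tags.length)]}')`;
    logAndRun(logger, env, `v[${i}] = ` + (rnd(2) ? `v[${rnd(i)}].appendChild(${make});` : `${make};`));
  }
  logger.finished();
  return { lines: logger.lines, env };
}

function replay(lines) { // rebuild the same state from the log alone
  const env = { document: makeDocument(), v: [] };
  for (const code of lines) new Function("document", "v", code)(env.document, env.v);
  return env;
}
```

Because every statement is logged as the exact string that is executed, replaying the log rebuilds the same object tree, which is what lets testcase.rb turn a .log file into an HTML testcase.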

Grinder Node

Ruby 2.0

config.rb

grinder_logger.dll

grinder.rb

testcase.rb

reduction.rb

Grinder Node: config.rb

- configuration file

- used for fuzzing & creating testcases

- name, server url, symbols dir, timeout, local server ip & port

Grinder Node: grinder_logger.dll

- gets injected into the browser process

- responsible for logging the testcase

On a 32-bit Windows system:

Copy '.\grinder\node\data\x86\grinder_logger.dll' to 'c:\windows\system32\'

Grinder Node: grinder.rb

- responsible for fuzzing

.\grinder\node>ruby grinder.rb [--config=c:\path\to\alternative\config.rb] [--fuzzer=FUZZER] --browser=BROWSER

Grinder Node: testcase.rb

- generates html file from .log file

.\grinder\node>ruby testcase.rb [--config=c:\path\to\CONFIG.RB] --log=c:\path\to\XXXXXXXX.XXXXXXXX.log --save=c:\path\to\XXXXXXXX.XXXXXXXX.html

Grinder Node: reduction.rb

- reduces the testcase to a minimum

That’s all !!!

AMol NAik @amolnaik4

