
Morph

Morph is an open source fuzzing framework based on Python 3.

It provides an automated way to fuzz browsers, Windows Photo Viewer, the SMB protocol, DLLs, etc. You can create templates like domato or Peach pits for HTML, TIFF or any other file format you want to fuzz.

Features

  • Supports multiple browsers, such as IE, Chrome, Firefox, etc. Edge support is under consideration.
  • Supports custom extension templates such as domato, Peach pits, etc.
  • Supports both Windows and Linux.

Install

  1. [Windows] pip install comtypes.
  2. [Optional, only needed for center.py] pip install tornado.
  3. Download the Visual C++ Redistributable for Visual Studio 2012 Update 4 and install it.
  4. Download pydbg and run python setup.py install.
  5. Download Morph and run it.

Usages

Fuzzing IE with the domato template:

0x01. Fuzzing only on the local machine:

  1. Set up samples/ie.json:
{
	"fuzzer": "fuzzers.axe",
	"argument":{
		"proc_path": "C:/Program Files/Internet Explorer/iexplore.exe",
		"proc_name": "iexplore.exe",
		"proc_args": "@@",
		
		"generator": "generators.web",
		"template": "templates.domato",
		"debugger": "pydbg.windows.debugger",

		"fuzz_timeout": 3,
		"confirm_timeout": 2,
		"fuzz_results_dir": "../fuzz_results"
	}
}
  2. Then run the script as Administrator:
python morph.py samples/ie.json

0x02. Fuzzing and saving results to a remote server:

  1. Set up samples/ie.json:
{
	"fuzzer": "fuzzers.axe",
	"argument":{
		"proc_path": "C:/Program Files/Internet Explorer/iexplore.exe",
		"proc_name": "iexplore.exe",
		"proc_args": "@@",
		
		"generator": "generators.web",
		"template": "templates.domato",
		"debugger": "pydbg.windows.debugger",

		"fuzz_timeout": 3,
		"confirm_timeout": 2,
		"fuzz_results_dir":  "http://192.168.1.200:8080/upload"
	}
}
  2. Then run center.py on the remote server 192.168.1.200:
python center.py 8080
  3. Then run the Morph script as Administrator on the client machine:
python morph.py samples/ie.json

All results are saved to the results directory on the server.

0x03. Fuzzing on Ubuntu:

  1. Set up samples/chrome.json:
{
	"fuzzer": "fuzzers.axe",
	"argument":{
		"proc_path": "/opt/google/chrome/chrome",
		"proc_name": "chrome",
		"proc_args": "-headless -disable-gpu -no-sandbox @@",
		
		"generator": "generators.web",
		"template": "templates.domato",
		"debugger": "pydbg.linux.debugger",

		"fuzz_timeout": 5,
		"confirm_timeout": 3,
		"fuzz_results_dir": "../fuzz_results"
	}
}
  2. Then run the script:
python morph.py samples/chrome.json
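The three configs above share one layout, and most failed runs come from a typo in that file rather than from the fuzzer itself. The script below is an added example, not code from the Morph project: it loads a samples/*.json file, checks the fields the README shows (the "@@" placeholder in proc_args, positive integer timeouts, a fuzz_results_dir that is either a local directory or an http(s) upload URL) and expands "@@" into an argv list without going through a shell. The requirement set, the "plain http" warning and the embedded sample configs are this example's own assumptions; Morph may accept fields or values not covered here.

```python
"""Sanity-check a Morph-style JSON config before a fuzzing run.

Added example, not code from the Morph project. It assumes only the layout the
README configs show: a "fuzzer" module path and an "argument" object holding
proc_path/proc_name/proc_args (with "@@" standing in for the generated
sample), generator/template/debugger module paths, two integer timeouts and a
fuzz_results_dir that is either a local directory or an http(s) upload URL.
"""
import json
import shlex
from urllib.parse import urlparse

SAMPLE_MARKER = "@@"  # placeholder the README configs use for the test case
REQUIRED_KEYS = (
    "proc_path", "proc_name", "proc_args", "generator", "template",
    "debugger", "fuzz_timeout", "confirm_timeout", "fuzz_results_dir",
)


def load_config(text):
    """Parse the JSON text of a samples/*.json file."""
    return json.loads(text)


def validate_config(cfg):
    """Return a list of problems; an empty list means the config looks usable."""
    problems = []
    if not isinstance(cfg.get("fuzzer"), str) or not cfg["fuzzer"]:
        problems.append("fuzzer: missing module path")
    arg = cfg.get("argument")
    if not isinstance(arg, dict):
        return problems + ["argument: missing object"]
    missing = [k for k in REQUIRED_KEYS if k not in arg]
    if missing:
        return problems + [f"argument.{k}: missing" for k in missing]

    # Without the placeholder the target is launched without the sample.
    if SAMPLE_MARKER not in arg["proc_args"]:
        problems.append(f"proc_args: no {SAMPLE_MARKER} placeholder")

    for key in ("fuzz_timeout", "confirm_timeout"):
        value = arg[key]
        if isinstance(value, bool) or not isinstance(value, int) or value <= 0:
            problems.append(f"{key}: must be a positive integer")

    dest = urlparse(arg["fuzz_results_dir"])
    if len(dest.scheme) <= 1:
        pass  # local directory: "../fuzz_results" or a Windows drive path
    elif dest.scheme in ("http", "https"):
        if not dest.netloc:
            problems.append("fuzz_results_dir: upload URL has no host")
        elif dest.scheme == "http":
            # Crash samples leave the machine unencrypted; keep the collector
            # on a trusted network or put TLS in front of it.
            problems.append("fuzz_results_dir: results uploaded over plain http")
    else:
        problems.append(f"fuzz_results_dir: unsupported scheme {dest.scheme}")
    return problems


def build_cmdline(cfg, sample_path):
    """Expand @@ into an argv list for subprocess; no shell is involved, so
    characters in the sample path are never interpreted. (POSIX quoting rules
    are used for proc_args, which is fine for the README's argument strings.)"""
    arg = cfg["argument"]
    argv = [arg["proc_path"]]
    for token in shlex.split(arg["proc_args"]):
        argv.append(token.replace(SAMPLE_MARKER, sample_path))
    return argv


# Constructed sample configs mirroring the README's chrome.json and ie.json.
LOCAL_JSON = """{
  "fuzzer": "fuzzers.axe",
  "argument": {
    "proc_path": "/opt/google/chrome/chrome", "proc_name": "chrome",
    "proc_args": "-headless -disable-gpu -no-sandbox @@",
    "generator": "generators.web", "template": "templates.domato",
    "debugger": "pydbg.linux.debugger",
    "fuzz_timeout": 5, "confirm_timeout": 3,
    "fuzz_results_dir": "../fuzz_results"
  }
}"""
REMOTE_JSON = LOCAL_JSON.replace('"../fuzz_results"',
                                 '"http://192.168.1.200:8080/upload"')
# Constructed broken config: placeholder dropped and a zero timeout.
BROKEN_JSON = LOCAL_JSON.replace(" @@", "").replace('"fuzz_timeout": 5',
                                                    '"fuzz_timeout": 0')

if __name__ == "__main__":
    for name, text in (("local", LOCAL_JSON), ("remote", REMOTE_JSON),
                       ("broken", BROKEN_JSON)):
        cfg = load_config(text)
        print(name, validate_config(cfg) or "ok")
    print(build_cmdline(load_config(LOCAL_JSON), "/tmp/case.html"))
```

Run it against your own samples/*.json before starting morph.py; a non-empty list names the field to fix, and the argv printout shows exactly how the target will be launched for one generated sample.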

Precautions

  1. When fuzzing IE, go to Internet Options --> Advanced and untick the following:
  • [ ] Enable automatic crash recovery

  • [ ] Enable flip ahead with page prediction

  • [ ] Load sites and content in the background to optimize performance

In Internet Options --> Security, untick:

  • [ ] Enable Protected Mode

Switch iexplore.exe to single-process mode in the registry, under:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main

Create a new DWORD (32-bit) value named TabProcGrowth and set it to 0.

  2. When fuzzing Firefox, first set the following preferences in about:config:
toolkit.startup.max_resumed_crashes -1
browser.safebrowsing.debug false
browser.sessionstore.max_resumed_crashes -1
browser.sessionstore.resume_from_crash false

Versions

  • v0.5.0
    • Rebuilt to support both Linux and Windows fuzzing.
  • v0.4.3 and before
    • Fixed a multiprocess shared-object bug.
    • Added software-based file format support.
    • Added center.py to save results remotely.

Todo

  • [ ] support file format generator like peach pits. flag
  • [ ] support ole file templates generator. flag
  • [ ] support proto fuzzing. flag
  • [ ] support Microsoft Edge. flag
  • [ ] support code-based fuzzing mode.

Hold The Door.

Thanks

Morph is derived from Peach and Cisco-kitty.

If you find a bug or have a suggestion, please open an issue or contact walkerfuz#outlook.com.

