Morph
Morph is an open source fuzzing framework based python.
It provides an automated way to fuzz brower, windows photo viewer, smb protocol, dll, etc. You can create any templates like domato, tiff, avi format for everything you want to fuzz.
Features
- Support multiple browsers, such as IE, Chrome, Firefox, etc. Edge is considering.
- Support custom extension templates such as domato, peach pits etc.
- Currently only support windows, linux is under development.
Install
- pip install comtypes.
- [Optional when using center.py] pip install tornado
- Download Visual C++ Redistributable for Visual Studio 2012 Update 4 and setup.
- Download morph and run.
Usages
Fuzzing IE with domato template:
0x01. fuzzing only at local machine:
- Setting samples/ie.json:
{
"fuzzer": "fuzzers.browser",
"argument":{
"proc_path": "C:/Program Files/Internet Explorer/iexplore.exe",
"proc_name": "iexplore.exe",
"proc_args": "",
"generator": "generators.web",
"template": "templates.domato",
"gflags": "monitors.windbg.gflags",
"debugger": "monitors.windbg.UserDebugger",
"fuzz_timeout": 120,
"confirm_timeout": 10,
"fuzz_results_dir": "results"
}
}
- Then run the script as Administrator:
python morph.py samples/ie.json0x02. fuzzing and saving results to Remote Server:
- setting samples/ie.json:
{
"fuzzer": "fuzzers.browser",
"argument":{
"proc_path": "C:/Program Files/Internet Explorer/iexplore.exe",
"proc_name": "iexplore.exe",
"proc_args": "",
"generator": "generators.web",
"template": "templates.domato",
"gflags": "monitors.windbg.gflags",
"debugger": "monitors.windbg.UserDebugger",
"fuzz_timeout": 120,
"confirm_timeout": 10,
"fuzz_results_dir": "http://192.168.1.200:8080/upload"
}
}
- Then run center.py in Remote server 192.168.1.200:
python center.py 8080
- And run morph script as Administrator in client machine:
python morph.py samples/ie.jsonAll results saved to results directory.
Precautions
- When fuzzing IE, Internet Options --> Advanced, cancel below:
-
启用自动崩溃恢复
-
通过页面预测启用快速翻页
-
在后台加载站点和内容以优化性能
In Internet Options --> Security, cancel:
- 启用保护模式
Change iexplore.exe to Alone Process mode in regedit table:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
Create a new DWORD32 TabProcGrowth and set to 0.
- When fuzzing Firefox, set below arguments in
about:configfirstly:
| toolkit.startup.max_resumed_crashes | -1 |
|---|---|
| browser.safebrowsing.debug | false |
| browser.sessionstore.max_resumed_crashes | -1 |
| browser.sessionstore.resume_from_crash | false |
Versions
- v0.4.3
- Fix multiprocess share object bug
- Add Software based file format support
- v0.4.2
- Add center.py to save results remotely
- v0.4.1
- Fix
ConnectionResetError: [WinError 10054]bug - Redesigned the framework with json config
- Fix
Todo
- [v0.5.0] optimize domato template and support file format 2018/10/10
- [v0.6.0] support Microsoft Edge 2018/10/30
- [...] support peach pits and linux debugger.
Thanks
Morph is reformed from Peach, Cisso-kitty.
If there is any bug or suggestion, please contact to walkerfuz#outlook.com。
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent