Grinder talk

Grinder talk given by Amol Naik at the Null meet, 26 July 2015

Published in: Technology
  1. Grinder. Amol Naik
  2. This talk is NOT about …
  3. But this …
  4. What is it? Grinder is a system to automate the fuzzing of web browsers and the management of a large number of crashes.
  5. fuzz…fuzzz…fuzzzz Fuzz testing or fuzzing is a software testing technique, often automated or semi-automated, that involves providing invalid, unexpected, or random data to the inputs of a computer program. The program is then monitored for exceptions such as crashes, or failing built-in code assertions or for finding potential memory leaks. -Wikipedia
  6. Way Ahead …
  7. Server, Fuzzer, Node
  8. Grinder Server
  9. Fuzzer: HTML file with your own logic !!! Add 'logging.js'. Logging - start: logger = null; logger = new LOGGER( "grind" ); logger.starting(); - end: logger.finished(); reload
  10. Fuzzer: Everything happening in the browser should be logged !!! logger.log("document.createElement('div');", "grind", 1);
  11. Grinder Node: Ruby 2.0; config.rb, grinder_logger.dll, grinder.rb, testcase.rb, reduction.rb
  12. Grinder Node: config.rb - configuration file - used for fuzzing & creating testcases - name, server url, symbols dir, timeout, local server ip & port
  13. Grinder Node: grinder_logger.dll - gets injected into the browser process - responsible for logging the testcase. On a 32-bit Windows system: Copy '.\grinder\node\data\x86\grinder_logger.dll' to 'c:\windows\system32\'
  14. Grinder Node: grinder.rb - responsible for fuzzing. .\grinder\node>ruby grinder.rb [--config=c:\path\to\alternative\config.rb] [--fuzzer=FUZZER] --browser=BROWSER
  15. Grinder Node: testcase.rb - generates an html file from a .log file. .\grinder\node>ruby testcase.rb [--config=c:\path\to\CONFIG.RB] --log=c:\path\to\XXXXXXXX.XXXXXXXX.log --save=c:\path\to\XXXXXXXX.XXXXXXXX.html
  16. Grinder Node: reduction.rb - reduces the testcase to a minimum
  17. That's all !!! Amol Naik @amolnaik4
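
The logging rule from slides 9 and 10 and the log-to-HTML step from slide 15, shown as an added example that is not code from the talk or from Grinder itself. Assumptions: `LOGGER` here is an in-memory stand-in for logging.js that models only the calls shown on the slides, and `makeFakeDocument`, `runFuzzer` and `buildTestcase` are hypothetical names with a constructed fake DOM so the block runs without a browser.

```javascript
// Stand-in for Grinder's logging.js (assumption: only the four calls shown on
// the slides are modelled). The real LOGGER passes each line to the injected
// grinder_logger.dll; this one keeps the lines in memory.
class LOGGER {
  constructor(name) { this.name = name; this.lines = []; this.state = "new"; }
  starting() { this.state = "running"; }
  log(statement, location, count) { this.lines.push({ statement, location, count }); }
  finished() { this.state = "finished"; }
}

// Constructed fake DOM so the example runs without a browser. crashAt makes the
// Nth createElement throw, standing in for a browser crash.
function makeFakeDocument(crashAt = 0) {
  let calls = 0;
  return {
    createElement(tag) {
      if (++calls === crashAt) throw new Error("simulated crash");
      return { tag, children: [], appendChild(c) { this.children.push(c); return c; } };
    },
  };
}

const TAGS = ["div", "span", "table", "input"];

// Hypothetical fuzzer loop: every DOM call is logged BEFORE it executes, so the
// log still names the triggering statement if the call never returns.
function runFuzzer(logger, document, seed, steps) {
  const vars = [];                        // elements created so far: id_0, id_1, ...
  let s = seed >>> 0;                     // seeded PRNG state keeps runs repeatable
  const rand = (n) => (s = (Math.imul(s, 1664525) + 1013904223) >>> 0) % n;
  logger.starting();
  for (let i = 0; i < steps; i++) {
    if (vars.length < 2 || rand(2) === 0) {
      const tag = TAGS[rand(TAGS.length)];
      logger.log(`id_${vars.length} = document.createElement('${tag}');`, "grind", 1);
      vars.push(document.createElement(tag));
    } else {
      const a = rand(vars.length), b = rand(vars.length);
      logger.log(`id_${a}.appendChild(id_${b});`, "grind", 1);
      vars[a].appendChild(vars[b]);
    }
  }
  logger.finished();
}

// Simplified illustration of what testcase.rb does with a .log file: turn the
// logged statements back into a standalone HTML page (not its real output format).
function buildTestcase(lines) {
  const body = lines.map((l) => `  try { ${l.statement} } catch (e) {}`).join("\n");
  return `<!doctype html>\n<script>\n${body}\n</script>\n`;
}
```

If a statement were executed first and logged afterwards, the rebuilt testcase would stop one line short of the call that caused the crash.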