walkerfuz / Morph
An open source fuzzing framework for fun.
Stars: ✭ 166
Programming Languages
python
139335 projects - #7 most used programming language
Projects that are alternatives of or similar to Morph
Droid Application Fuzz Framework
Android application fuzzing framework with fuzzers and crash monitor.
Stars: ✭ 248 (+49.4%)
Mutual labels: fuzzing, browser
Fuzzdata
Fuzzing resources for feeding various fuzzers with input. 🔧
Stars: ✭ 376 (+126.51%)
Mutual labels: fuzzing, browser
Jfx Browser
JFx Browser is a multi tab browser. In its first version HTML to PDF, Downloading , History, Bookmarks and Account creation facility available. We are not still working on this project.
Stars: ✭ 157 (-5.42%)
Mutual labels: browser
Kasaya
A "WYSIWYG" (sort of) scripting language and runtime for browser automation
Stars: ✭ 1,906 (+1048.19%)
Mutual labels: browser
React Render In Browser
React library to render browser specific content
Stars: ✭ 157 (-5.42%)
Mutual labels: browser
Velcro
A set of tools and libraries for stitching together modules and code in highly dynamic browser environments
Stars: ✭ 159 (-4.22%)
Mutual labels: browser
Brain.js
brain.js is a GPU accelerated library for Neural Networks written in JavaScript.
Stars: ✭ 12,358 (+7344.58%)
Mutual labels: browser
Browsertime
open source browser history page with analytics
Stars: ✭ 162 (-2.41%)
Mutual labels: browser
Openlinkwith
Open the current webpage you have in another app. Magic! 🔮
Stars: ✭ 158 (-4.82%)
Mutual labels: browser
Android Filebrowser Filepicker
A FileBrowser / FileChooser / FolderChooser for Android that you can integrate to your app to browse/select files from internal/external storage
Stars: ✭ 157 (-5.42%)
Mutual labels: browser
React Page Visibility
Declarative, nested, stateful, isomorphic page visibility React component
Stars: ✭ 163 (-1.81%)
Mutual labels: browser
Noel
A universal, human-centric, replayable javascript event emitter.
Stars: ✭ 158 (-4.82%)
Mutual labels: browser
Morph
Morph is an open source fuzzing framework based on Python 3.
It provides an automated way to fuzz browsers, Windows Photo Viewer, the SMB protocol, DLLs, etc. You can create templates such as domato or peach for HTML, TIFF or any other file format you want to fuzz.
Features
- Supports multiple browsers, such as IE, Chrome, Firefox, etc. Edge support is under consideration.
- Supports custom extension templates such as domato, peach pits, etc.
- Supports both Windows and Linux.
Install
- [Windows] pip install comtypes.
- [Optional, when using center.py] pip install tornado.
- Download and install Visual C++ Redistributable for Visual Studio 2012 Update 4.
- Download pydbg and run python setup.py install.
- Download morph and run.
Usages
Fuzzing IE with domato template:
0x01. Fuzzing on the local machine only:
- Set samples/ie.json:
{
    "fuzzer": "fuzzers.axe",
    "argument": {
        "proc_path": "C:/Program Files/Internet Explorer/iexplore.exe",
        "proc_name": "iexplore.exe",
        "proc_args": "@@",
        "generator": "generators.web",
        "template": "templates.domato",
        "debugger": "pydbg.windows.debugger",
        "fuzz_timeout": 3,
        "confirm_timeout": 2,
        "fuzz_results_dir": "../fuzz_results"
    }
}
- Then run the script as Administrator:
python morph.py samples/ie.json
0x02. Fuzzing and saving results to a remote server:
- Set samples/ie.json:
{
    "fuzzer": "fuzzers.axe",
    "argument": {
        "proc_path": "C:/Program Files/Internet Explorer/iexplore.exe",
        "proc_name": "iexplore.exe",
        "proc_args": "@@",
        "generator": "generators.web",
        "template": "templates.domato",
        "debugger": "pydbg.windows.debugger",
        "fuzz_timeout": 3,
        "confirm_timeout": 2,
        "fuzz_results_dir": "http://192.168.1.200:8080/upload"
    }
}
- Then run center.py on the remote server 192.168.1.200:
python center.py 8080
- And run the morph script as Administrator on the client machine:
python morph.py samples/ie.json
All results are saved to the results directory.
0x03. Fuzzing on Ubuntu:
- Set samples/chrome.json:
{
    "fuzzer": "fuzzers.axe",
    "argument": {
        "proc_path": "/opt/google/chrome/chrome",
        "proc_name": "chrome",
        "proc_args": "-headless -disable-gpu -no-sandbox @@",
        "generator": "generators.web",
        "template": "templates.domato",
        "debugger": "pydbg.linux.debugger",
        "fuzz_timeout": 5,
        "confirm_timeout": 3,
        "fuzz_results_dir": "../fuzz_results"
    }
}
- Then run the script:
python morph.py samples/chrome.json
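A pre-flight check for the configs shown above, as an added example that is not part of Morph: it validates the keys used in the samples and reports when results would leave the host over HTTP. check_config is a hypothetical helper, and reading "@@" as the test-case placeholder is an assumption.

```python
import json
import platform
from urllib.parse import urlparse

# Keys copied from the sample configs on this page.
ARG_KEYS = {"proc_path", "proc_name", "proc_args", "generator", "template",
            "debugger", "fuzz_timeout", "confirm_timeout", "fuzz_results_dir"}

# The Ubuntu sample from this page, embedded so the check runs offline.
CHROME_SAMPLE = """{
  "fuzzer": "fuzzers.axe",
  "argument": {
    "proc_path": "/opt/google/chrome/chrome",
    "proc_name": "chrome",
    "proc_args": "-headless -disable-gpu -no-sandbox @@",
    "generator": "generators.web",
    "template": "templates.domato",
    "debugger": "pydbg.linux.debugger",
    "fuzz_timeout": 5,
    "confirm_timeout": 3,
    "fuzz_results_dir": "../fuzz_results"
  }
}"""


def check_config(text, system=None):
    """Return a list of findings for a Morph-style config; empty means clean."""
    system = (system or platform.system()).lower()
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc}"]
    arg = cfg.get("argument") if isinstance(cfg, dict) else None
    if not isinstance(arg, dict) or "fuzzer" not in cfg:
        return ['top level needs "fuzzer" and an "argument" object']
    findings = [f"missing key: {k}" for k in sorted(ARG_KEYS - arg.keys())]
    # Assumption: "@@" marks where the generated test case path is substituted.
    if "@@" not in str(arg.get("proc_args", "")):
        findings.append('proc_args has no "@@" placeholder')
    # The samples pair pydbg.windows.debugger / pydbg.linux.debugger with the host OS.
    dbg = str(arg.get("debugger", ""))
    if system in ("windows", "linux") and f".{system}." not in dbg:
        findings.append(f"debugger {dbg} does not match host OS {system}")
    for key in ("fuzz_timeout", "confirm_timeout"):
        val = arg.get(key, 1)  # a missing key is already reported above
        if isinstance(val, bool) or not isinstance(val, (int, float)) or val <= 0:
            findings.append(f"{key} must be a positive number")
    # A URL here means crash results leave the host; flag unencrypted transport.
    if urlparse(str(arg.get("fuzz_results_dir", ""))).scheme == "http":
        findings.append("fuzz_results_dir uploads results over plaintext HTTP")
    return findings
```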
Precautions
- When fuzzing IE, in Internet Options --> Advanced, uncheck the following:
- [ ] Enable automatic crash recovery
- [ ] Enable flip ahead with page prediction
- [ ] Load sites and content in the background to optimize performance
In Internet Options --> Security, uncheck:
- [ ] Enable Protected Mode
Switch iexplore.exe to standalone-process mode in regedit, under the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
Create a new DWORD32 value TabProcGrowth and set it to 0.
- When fuzzing Firefox, first set the following preferences in about:config:
Preference | Value |
---|---|
toolkit.startup.max_resumed_crashes | -1 |
browser.safebrowsing.debug | false |
browser.sessionstore.max_resumed_crashes | -1 |
browser.sessionstore.resume_from_crash | false |
Versions
- v0.5.0
- Rebuilt to support both Linux and Windows fuzzing.
- v0.4.3 and before
- Fix multiprocess share object bug
- Add Software based file format support
- Add center.py to save results remotely
Todo
- [ ] support file format generator like peach pits.
- [ ] support ole file templates generator.
- [ ] support proto fuzzing.
- [ ] support Microsoft Edge.
- [ ] support code-based fuzzing mode.
Hold The Door.
Thanks
Morph is adapted from Peach and Cisso-kitty.
If you find a bug or have a suggestion, please submit an issue or contact walkerfuz#outlook.com.