Inspiration
Based on some Fuzzing talks I watched years ago. Wanted to have a way of analysing security bugs better, making searchable etc.
What it does
I implemented a GDB plugin which calls back to a webs server to list known testcases, then lets you run them in a docker container using GDB server.
Meant to make it easier to quickly look at a bug.
How I built it
Set up static builds for most of the software I wanted to run in this environment so I could drop it only my alpine Linux based container. After that, I wrote a backend to store the data + provide messages queues to spawn up containers on demand. I then implemented plugins for GDB using GEF, which queried this backend.
Challenges I ran into
I couldn't Vue-Table to work correctly, so I couldn't get the nice web frontend I wanted.
Static builds of GDB are fairly annoying to setup.
Correcting the worker-queue took a while.
Accomplishments that I'm proud of
Getting it to be fairly easy to open new debugger instances.
What I learned
Writing GEF plugins, Vue.js for when I was writing a the frontend that I scraped,
What's next for FuzzServ
Setting up a GDB training site would probably be the best thing to do with the core code, so people can learn how to debug using it.
Maybe using it to run triage code remotely.
Need to make it handle more inputs than just a single file.
Log in or sign up for Devpost to join the conversation.