Based on some fuzzing talks I watched years ago. Wanted to have a way of analysing security bugs better, making them searchable, etc.

What it does

I implemented a GDB plugin which calls back to a web server to list known testcases, then lets you run them in a Docker container using GDB server.

Meant to make it easier to quickly look at a bug.

How I built it

Set up static builds for most of the software I wanted to run in this environment so I could drop it onto my Alpine Linux-based container. After that, I wrote a backend to store the data and provide message queues to spawn up containers on demand. I then implemented plugins for GDB using GEF, which queried this backend.

Challenges I ran into

I couldn't get Vue-Table to work correctly, so I couldn't get the nice web frontend I wanted.

Static builds of GDB are fairly annoying to set up.

Correcting the worker-queue took a while.

Accomplishments that I'm proud of

Getting it to be fairly easy to open new debugger instances.

What I learned

Writing GEF plugins, and Vue.js for when I was writing the frontend that I scrapped.

What's next for FuzzServ

Setting up a GDB training site would probably be the best thing to do with the core code, so people can learn how to debug using it.

Maybe using it to run triage code remotely.

Need to make it handle more inputs than just a single file.
