Installing ClusterFuzz on Ubuntu

ClusterFuzz is a open-source package offered by Google for anyone to use. The program, ClusterFuzz, is a self-contained unit of Python packages. But it’s purpose is to Fuzz Chrome’s browsers for bugs and test if your browser is vulnerable to new and updated browser bugs.

Browser bugs are becoming more common with the advent of WebGL and Spectre. So even if an online test passes browser bug tests, you are still vulnerable to the most low-level attack vectors freely available for anyone to implement.

Google gives you the power to test your browser out, and check for common bugs in your applications and in your browser.

Actual commands to install program.

- gcloud auth application-default login
- gcloud auth login
- git clone: https://github.com/google/clusterfuzz.git
- cd ClusterFuzz
- sudo apt-get install virtualenv
- source venv/bin/activate
- ./local/install_deps.bash

What those commands do.

- Authorize yourself with the gcloud service
- After you authorize, log in
- Download the repository to your harddrive
- Make your working directory the file you just downloaded
- Install the virtual-env program using apt-get package manager
- Activate the virtualenvironment
- Install third party libraries

After you run those commands, you should be greeted with a terminal that looks like this, letting you know the program was installed successfully.

Now use the following command to enter in to a ENV session.

source ENV/bin/activate

Your terminal should look like that when your finished, notice the “VENV ” before your shell id.

Now we are ready to use the program. Type in

python butler.py -h

And if all steps were followed correctly, you should see a terminal like so, with the program’s features and usage.

Now we know the program is successfully installed, we can run a command

python butler.py run_server --bootstrap 

to install packages into the VirtualEnvironment. After that command starts, open your browser and visit http://localhost:9000

You will be greeted with a simple login form like the one above. Click log in, and make sure “Sign in as Administrator” is checked.

You are now running your own local instance of the Open Source Fuzzer. Once logged in you will see what’s in the screenshot below, and you can now start testing applications, making your own Fuzzers, and it brings you one step closer to finding nasty unintended bugs in applications.

For more information on how to use the program, visit the project’s documentation.

https://google.github.io/clusterfuzz/setting-up-fuzzing/

You Might Also Like

Leave a Reply

Your email address will not be published. Required fields are marked *