{"id":2453,"date":"2019-07-10T17:54:20","date_gmt":"2019-07-11T00:54:20","guid":{"rendered":"https:\/\/blog.mozilla.org\/security\/?p=2453"},"modified":"2019-07-10T19:05:21","modified_gmt":"2019-07-11T02:05:21","slug":"grizzly","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/security\/2019\/07\/10\/grizzly\/","title":{"rendered":"Grizzly Browser Fuzzing Framework"},"content":{"rendered":"<p>At Mozilla, we rely heavily on automation to increase our ability to <a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Mozilla\/QA\/Fuzzing\">fuzz<\/a> Firefox and the components from which it is built. Our fuzzing team is constantly developing tools to help integrate new and existing capabilities into our workflow with a heavy emphasis on scaling. Today we would like to share <a href=\"https:\/\/github.com\/MozillaSecurity\/grizzly\">Grizzly<\/a> &#8211; a browser fuzzing framework that has enabled us to quickly and effectively deploy fuzzers at scale.<\/p>\n<p>Grizzly was designed to allow fuzzer developers to focus solely on writing fuzzers and not worry about the overhead of creating tools and scripts to run them. It was created as a platform for our team to run internal and external fuzzers in a common way using shared tools. 
It is cross-platform and supports running multiple instances in parallel.<\/p>\n<p>Grizzly is responsible for:<\/p>\n<ul>\n<li>managing the browser (via Target)\n<ul>\n<li>launching<\/li>\n<li>terminating<\/li>\n<li>monitoring logs<\/li>\n<li>monitoring resource usage of the browser<\/li>\n<li>handling crashes, OOMs, hangs, etc.<\/li>\n<\/ul>\n<\/li>\n<li>managing the fuzzer\/test case generator tool (via Adapter)\n<ul>\n<li>setup and teardown of tool<\/li>\n<li>providing input for the tool (if necessary)<\/li>\n<li>creating test cases<\/li>\n<\/ul>\n<\/li>\n<li>serving test cases<\/li>\n<li>reporting results\n<ul>\n<li>basic crash deduplication is performed by default<\/li>\n<li><a href=\"https:\/\/github.com\/MozillaSecurity\/FuzzManager\">FuzzManager<\/a> support is available (with advanced crash deduplication)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>Grizzly can be extended through the \u201c<a href=\"https:\/\/github.com\/MozillaSecurity\/grizzly\/blob\/master\/grizzly\/target\/target.py\">Target<\/a>\u201d or \u201c<a href=\"https:\/\/github.com\/MozillaSecurity\/grizzly\/blob\/master\/grizzly\/common\/adapter.py\">Adapter<\/a>\u201d\u00a0interface. Targets are used to add support for specific browsers. This is where the quirks and complexities of each browser are handled. See <a href=\"https:\/\/github.com\/MozillaSecurity\/grizzly\/blob\/master\/grizzly\/target\/puppet_target.py\">puppet_target.py<\/a> for an example which uses <a href=\"https:\/\/github.com\/MozillaSecurity\/ffpuppet\">FFPuppet<\/a> to add support for Firefox. Adapters are used to add support for fuzzers. A basic functional example can be found <a href=\"https:\/\/github.com\/MozillaSecurity\/grizzly\/blob\/master\/grizzly\/adapters\/NoOpAdapter\/__init__.py\">here<\/a>. 
See <a href=\"https:\/\/github.com\/MozillaSecurity\/grizzly\/wiki\/Writing-an-Adapter\">here<\/a>\u00a0for a slightly more advanced example that can be modified to support existing fuzzers.<\/p>\n<p>Grizzly is primarily intended to support blackbox fuzzers. For a feedback-driven fuzzing interface, please see the <a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Mozilla\/Testing\/Fuzzing_Interface\">libFuzzer fuzzing interface<\/a>. Grizzly also has a test case reduction mode that can be used on crashes it finds.<\/p>\n<p>For more information, please check out the <a href=\"https:\/\/github.com\/MozillaSecurity\/grizzly\/blob\/master\/README.md\">README.md<\/a>\u00a0in the repository and the <a href=\"https:\/\/github.com\/MozillaSecurity\/grizzly\/wiki\">wiki<\/a>. Feel free to ask questions on <a href=\"https:\/\/wiki.mozilla.org\/IRC\">IRC<\/a> in #fuzzing.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>At Mozilla, we rely heavily on automation to increase our ability to fuzz Firefox and the components from which it is built. 
Our fuzzing team is constantly developing tools to &hellip; <a class=\"go\" href=\"https:\/\/blog.mozilla.org\/security\/2019\/07\/10\/grizzly\/\">Read more<\/a><\/p>\n","protected":false},"author":1696,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8630,69,610],"tags":[542,265,45495],"coauthors":[320805],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Grizzly Browser Fuzzing Framework - Mozilla Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.mozilla.org\/security\/2019\/07\/10\/grizzly\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tyson Smith\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2019\/07\/10\/grizzly\/\",\"url\":\"https:\/\/blog.mozilla.org\/security\/2019\/07\/10\/grizzly\/\",\"name\":\"Grizzly Browser Fuzzing Framework - Mozilla Security 
Blog\",\"isPartOf\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\"},\"datePublished\":\"2019-07-11T00:54:20+00:00\",\"dateModified\":\"2019-07-11T02:05:21+00:00\",\"author\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/f451227a59839354e092fcb3d0d72887\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.mozilla.org\/security\/2019\/07\/10\/grizzly\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.mozilla.org\/security\/2019\/07\/10\/grizzly\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/2019\/07\/10\/grizzly\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.mozilla.org\/security\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Grizzly Browser Fuzzing Framework\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#website\",\"url\":\"https:\/\/blog.mozilla.org\/security\/\",\"name\":\"Mozilla Security Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/f451227a59839354e092fcb3d0d72887\",\"name\":\"Tyson Smith\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/f7f6036f7a2e054694bd174e43cd8fd8\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/a2837b951fa7dc639a2568203478ff0a?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/a2837b951fa7dc639a2568203478ff0a?s=96&d=identicon&r=g\",\"caption\":\"Tyson Smith\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Grizzly Browser Fuzzing Framework - Mozilla Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.mozilla.org\/security\/2019\/07\/10\/grizzly\/","twitter_misc":{"Written by":"Tyson Smith","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blog.mozilla.org\/security\/2019\/07\/10\/grizzly\/","url":"https:\/\/blog.mozilla.org\/security\/2019\/07\/10\/grizzly\/","name":"Grizzly Browser Fuzzing Framework - Mozilla Security Blog","isPartOf":{"@id":"https:\/\/blog.mozilla.org\/security\/#website"},"datePublished":"2019-07-11T00:54:20+00:00","dateModified":"2019-07-11T02:05:21+00:00","author":{"@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/f451227a59839354e092fcb3d0d72887"},"breadcrumb":{"@id":"https:\/\/blog.mozilla.org\/security\/2019\/07\/10\/grizzly\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.mozilla.org\/security\/2019\/07\/10\/grizzly\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/blog.mozilla.org\/security\/2019\/07\/10\/grizzly\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.mozilla.org\/security\/"},{"@type":"ListItem","position":2,"name":"Grizzly Browser Fuzzing Framework"}]},{"@type":"WebSite","@id":"https:\/\/blog.mozilla.org\/security\/#website","url":"https:\/\/blog.mozilla.org\/security\/","name":"Mozilla Security Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.mozilla.org\/security\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/f451227a59839354e092fcb3d0d72887","name":"Tyson Smith","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/security\/#\/schema\/person\/image\/f7f6036f7a2e054694bd174e43cd8fd8","url":"https:\/\/secure.gravatar.com\/avatar\/a2837b951fa7dc639a2568203478ff0a?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/a2837b951fa7dc639a2568203478ff0a?s=96&d=identicon&r=g","caption":"Tyson Smith"}}]}},"_links":{"self":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/2453"}],"collection":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/users\/1696"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/comments?post=2453"}],"version-history":[{"count":0,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/posts\/2453\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/media?parent=2453"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/categories?post=2453"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/tags?post=2453"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blog.mozilla.org\/security\/wp-json\/wp\/v2\/coauthors?post=2453"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}