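<?xml version="1.0" encoding="utf-8"?>
<Peach version="1.0" author="RLS2PEACH" description="PDF file fuzzer">
  <!--
    Starting point for a PDF file fuzzer.

    The data model below is a fixed-layout template: a header, a comment,
    seven object blocks, a startxref stub and the EOF trailer. Bigger PDFs
    have more PDFObj blocks, and every sample file will have a different
    number of bytes in each PDFObj, so the lengths here have to be adjusted
    to the sample you crack. Changing fields inside PDFObj from Blob to
    Number or String gives the mutators more to work with and improves
    coverage.

    Use 010 Editor or hachoir (free) to inspect the structure of your files.
  -->
  <Include ns="default" src="file:defaults.xml" />

  <DataModel name="PDF">
    <Block name="PDFHeader">
      <!-- Fixed: the attribute was misspelled "lentgth", so no length was
           declared for the header. token="true" marks the value as one that
           must be present in the input when cracking. -->
      <String name="Header" length="9" value="%PDF-1.6 " token="true" />
    </Block>

    <Block name="PDFComment">
      <Blob name="Comment" length="14" />
    </Block>

    <!-- PDFObj0 to PDFObj6 share one layout:
         index, whitespace, version, whitespace, "obj", data, "endobj", whitespace. -->
    <Block name="PDFObj0">
      <Blob name="Index" length="6" /> <!-- lengths can be adjusted to fit the file you are fuzzing -->
      <Blob name="WhiteSpace1" length="64" />
      <Blob name="Version" length="2" />
      <Blob name="WhiteSpace2" length="64" />
      <Blob name="Object" length="3" value="obj" />
      <Blob name="Data" length="64" />
      <Blob name="EndObject" length="6" value="endobj" />
      <Blob name="WhiteSpace3" length="64" />
    </Block>

    <Block name="PDFObj1">
      <Blob name="Index" length="6" />
      <Blob name="WhiteSpace1" length="64" />
      <Blob name="Version" length="2" />
      <Blob name="WhiteSpace2" length="64" />
      <Blob name="Object" length="3" value="obj" />
      <Blob name="Data" length="64" />
      <Blob name="EndObject" length="6" value="endobj" />
      <Blob name="WhiteSpace3" length="64" />
    </Block>

    <Block name="PDFObj2">
      <Blob name="Index" length="6" />
      <Blob name="WhiteSpace1" length="64" />
      <Blob name="Version" length="2" />
      <Blob name="WhiteSpace2" length="64" />
      <Blob name="Object" length="3" value="obj" />
      <Blob name="Data" length="64" />
      <Blob name="EndObject" length="6" value="endobj" />
      <Blob name="WhiteSpace3" length="64" />
    </Block>

    <Block name="PDFObj3">
      <Blob name="Index" length="6" />
      <Blob name="WhiteSpace1" length="64" />
      <Blob name="Version" length="2" />
      <Blob name="WhiteSpace2" length="64" />
      <Blob name="Object" length="3" value="obj" />
      <Blob name="Data" length="64" />
      <Blob name="EndObject" length="6" value="endobj" />
      <Blob name="WhiteSpace3" length="64" />
    </Block>

    <Block name="PDFObj4">
      <Blob name="Index" length="6" />
      <Blob name="WhiteSpace1" length="64" />
      <Blob name="Version" length="2" />
      <Blob name="WhiteSpace2" length="64" />
      <Blob name="Object" length="3" value="obj" />
      <Blob name="Data" length="64" />
      <Blob name="EndObject" length="6" value="endobj" />
      <Blob name="WhiteSpace3" length="64" />
    </Block>

    <Block name="PDFObj5">
      <Blob name="Index" length="6" />
      <Blob name="WhiteSpace1" length="64" />
      <Blob name="Version" length="2" />
      <Blob name="WhiteSpace2" length="64" />
      <Blob name="Object" length="3" value="obj" />
      <Blob name="Data" length="64" />
      <Blob name="EndObject" length="6" value="endobj" />
      <Blob name="WhiteSpace3" length="64" />
    </Block>

    <Block name="PDFObj6">
      <Blob name="Index" length="6" />
      <Blob name="WhiteSpace1" length="64" />
      <Blob name="Version" length="2" />
      <Blob name="WhiteSpace2" length="64" />
      <Blob name="Object" length="3" value="obj" />
      <Blob name="Data" length="64" />
      <Blob name="EndObject" length="6" value="endobj" />
      <Blob name="WhiteSpace3" length="64" />
    </Block>

    <Block name="PDFUnknown">
      <!-- NOTE(review): length is 19 but the visible default value is 18
           characters; the trailing ".." may stand in for bytes that did not
           survive the paste. Confirm against sample.pdf. -->
      <Blob name="Data" length="19" value="startxref 105022.." />
    </Block>

    <Block name="PDFTrailer">
      <String name="Trailer" length="5" value="%%EOF" token="true"/>
    </Block>
  </DataModel>

  <!-- Not referenced by any other element in this file. -->
  <DataModel name="Param">
    <String name="Value" isStatic="true" />
  </DataModel>

  <!-- NOTE(review): top-level publisher with the same class and fileName as
       the first publisher inside TheTest; it looks redundant. Verify against
       your Peach version before removing it. -->
  <Publisher class="file.FileWriterLauncher">
    <Param name="fileName" value="fuzzed.pdf"/>
  </Publisher>

  <!-- The agent runs the target under the Windows debug engine so crashes are
       caught. The target parses malformed input and may crash or hang, so run
       it inside a disposable VM or snapshot. -->
  <Agent name="LocalAgent">
    <Monitor class="debugger.WindowsDebugEngine">
      <!-- The command line to run. The file name must match the fileName
           given to the publisher (fuzzed.pdf). The executable path contains
           spaces, so it is quoted; unquoted, Windows has to guess where the
           program name ends. -->
      <Param name="CommandLine" value="&quot;C:\Program Files\Foxit Software\Foxit Reader\Reader.exe&quot; fuzzed.pdf" />

      <!-- Makes the debugger wait for a call action with
           method="ScoobySnacks" in the state model before it starts the
           program.
           Note: the publisher also needs a parameter named "debugger" set to
           "true" (see the first publisher in TheTest). -->
      <Param name="StartOnCall" value="ScoobySnacks" />
    </Monitor>
  </Agent>

  <!-- State model: write one fuzzed PDF, close it, then start the target. -->
  <StateModel name="TheState" initialState="Initial">
    <State name="Initial">
      <!-- Write out the fuzzed PDF file -->
      <Action type="output">
        <DataModel ref="PDF"/>
        <!-- Sample file that is cracked into the PDF data model; its layout
             has to agree with the block lengths declared above. -->
        <Data name="data" fileName="sample.pdf"/>
      </Action>

      <!-- Close the output file before the target opens it -->
      <Action type="close"/>

      <!-- Launch the target process; the method name matches StartOnCall -->
      <Action type="call" method="ScoobySnacks" />
    </State>
  </StateModel>

  <Test name="TheTest">
    <Agent ref="LocalAgent"/>
    <StateModel ref="TheState"/>

    <!-- Writes fuzzed.pdf; debugger="true" pairs with StartOnCall on the monitor. -->
    <Publisher class="file.FileWriterLauncher">
      <Param name="fileName" value="fuzzed.pdf"/>
      <Param name="debugger" value="true"/>
    </Publisher>

    <!-- NOTE(review): no action in TheState names this "launch" publisher,
         so it may never be used. Confirm whether it is needed. -->
    <Publisher class="process.DebuggerLauncherGui" name="launch">
      <Param name="windowName" value="fuzzed.pdf" />
    </Publisher>
  </Test>

  <!-- NOTE(review): same logger as the one declared inside DefaultRun; it
       looks redundant. Verify against your Peach version before removing it. -->
  <Logger class="logger.Filesystem">
    <Param name="path" value="logs" />
  </Logger>

  <Run name="DefaultRun">
    <Test ref="TheTest" />
    <!-- Run output is written beneath the relative "logs" directory. -->
    <Logger class="logger.Filesystem">
      <Param name="path" value="logs" />
    </Logger>
  </Run>
</Peach>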