How to Run Mayhem from a Docker Image
Provided as an easy-to-use web interface and fuzzing platform, users can use the Mayhem UI to create, manage, and analyze their Mayhem fuzzing runs on containerized applications, or targets, residing within Docker images that have been uploaded to the public Docker Hub registry.
How do you do this? It’s as easy as:
- Logging in to the Mayhem UI hosted on your Mayhem deployment.
- Selecting a Docker Image for your new Mayhem run.
- Configuring the Mayhemfile for the run.
- Executing your new Mayhem run!
Let’s see how this works in more detail. To get you quickly started, we’ve provided a button for you to create a new pre-configured run using a Docker image hosted on Docker Hub. For this exercise we will be executing a Mayhem run on the previously discussed testme target:
```c
#include <stdio.h>
#include <stdlib.h>   /* abort() */
#include <string.h>

int fuzzme(char *buf)
{
    if (buf[0] == 'b')
        if (buf[1] == 'u')
            if (buf[2] == 'g') {
                abort(); // Defect: Sends a SIGABRT signal
            }
    return 0;
}

int main(int argc, char *argv[])
{
    FILE *f;
    char buf[12];
    if (argc != 2) {
        fprintf(stderr, "Must supply a text file\n");
        return -1;
    }
    f = fopen(argv[1], "r");
    if (f == NULL) {
        fprintf(stderr, "Could not open %s\n", argv[1]);
        return -1;
    }
    if (fgets(buf, sizeof(buf), f) == NULL) {
        fprintf(stderr, "Could not read from %s\n", argv[1]);
        return -1;
    }
    fuzzme(buf);
    return 0;
}
```
In Mayhem, you should be presented with the following screen:
This is the create new run flow for creating a new Mayhem run from a Docker image. There are two steps to the create new run process:
- Choose Image: Choose the Docker image that will be ingested into Mayhem for fuzz testing and specify a Docker image name from the public Docker Hub registry.
- Configure and Run: Configure the specifications for the Mayhem run dictated by the Mayhemfile, then confirm your selections and execute the run!
Click the Show Mayhemfile link at the bottom to get a better look at the exact specifications for the Mayhem run dictated by the underlying Mayhemfile. You should see something similar to:
```yaml
image: index.docker.io/forallsecure/tutorial:latest
duration: 90
project: forallsecure-tutorial
target: testme
cmds:
  - cmd: /root/tutorial/testme/v1/testme @@
```
Then, simply click Next until you get to the end of the create new run flow and click Start Run to confirm your selections and execute your first Mayhem run!
After executing the Mayhem run, you should see the following run analysis page:
The run analysis page indicates the progress of the Mayhem run and will continue to auto-refresh until the end of its duration. In this time, Mayhem will fuzz the target application and generate as many test cases as it can to detect potential security vulnerabilities in the target application. Test cases that result in crashes or defects will be marked accordingly for future reference.
In particular, if we scroll down to the bottom of the run analysis page, we can see more information about what defects Mayhem found when fuzzing the containerized testme target and even the individual test cases that were used during fuzzing.
For this particular testme target, there appears to be an underlying improper input validation defect.
Note. The exact hash/ID of your test case for your specific Mayhem run may differ from what is shown in this lesson.
And when we switch the pane’s view from Defects to Test Cases, we see the individual breakdown of test cases generated during the Mayhem run; Mayhem generated two particular test cases for this run resulting in the specified defect.
Nice job executing your first Mayhem run and finding a defect for the testme target binary!
To confirm that the defect is indeed valid, we can reproduce the defective behavior of the testme binary by manually fuzzing the testme binary with the test case that Mayhem generated and saved. Users can download their test cases for this very use case.
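The reproduction step above, as an added example that is not part of the original post or of Mayhem itself: a small POSIX shell script that replays downloaded test cases against a target the way the Mayhemfile's `cmd: ... @@` line does, and classifies each exit status so an abort() crash (SIGABRT, exit status 134) stands out from a clean run. The `make_stand_in_target` helper is a constructed stand-in for the compiled testme binary so the script runs without the Docker image.

```sh
#!/bin/sh
# Added example (not from the original post or ForAllSecure): replay saved Mayhem
# test cases against a target the way the Mayhemfile "cmd: ... @@" line does and
# classify each exit status (testme's abort() shows up as SIGABRT, status 134).

# Map a shell exit status to "crash:<signal>" (129..192 = killed by a signal),
# "error:<status>" for other non-zero exits, or "ok:0".
classify_status() {
    if [ "$1" -gt 128 ] && [ "$1" -le 192 ]; then printf 'crash:%s\n' "$(($1 - 128))"
    elif [ "$1" -ne 0 ]; then printf 'error:%s\n' "$1"
    else printf 'ok:0\n'; fi
}

# Run CMD_TEMPLATE with "@@" replaced by TESTCASE, exactly as Mayhem substitutes
# the test case path at run time, and print the classified result.
run_testcase() {
    template=$1; testcase=$2
    cmd=$(printf '%s' "$template" | sed "s|@@|$testcase|")
    status=0
    sh -c "$cmd" >/dev/null 2>&1 || status=$?
    classify_status "$status"
}

# Replay every file in DIR (e.g. the test cases downloaded from the run page)
# and print "<file> <result>" per case so reproduced defects are easy to spot.
replay_testcases() {
    template=$1; dir=$2
    for tc in "$dir"/*; do
        [ -f "$tc" ] || continue
        printf '%s %s\n' "$(basename "$tc")" "$(run_testcase "$template" "$tc")"
    done
}

# Constructed stand-in for the compiled testme binary (assumption: only its
# control flow matters here). A first line starting with "bug" aborts, a missing
# file exits with 255 (the C program's return -1), anything else exits 0.
make_stand_in_target() {
    dir=$(mktemp -d)
    cat > "$dir/testme" <<'EOF'
#!/bin/sh
[ -r "$1" ] || { echo "Could not open $1" >&2; exit 255; }
IFS= read -r line < "$1"
case "$line" in bug*) kill -s ABRT $$ ;; esac
exit 0
EOF
    chmod +x "$dir/testme"
    printf '%s\n' "$dir/testme"
}
```

Against the real image, point the template at the Mayhemfile command (`/root/tutorial/testme/v1/testme @@`) and the directory at the downloaded test cases; a `crash:6` line is the SIGABRT from `fuzzme()`.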
*** This is a Security Bloggers Network syndicated blog from Latest blog posts authored by Editorial Staff. Read the original post at: https://forallsecure.com/blog/how-to-run-mayhem-from-a-docker-image