Various fixes and doc updates (#27)
- Make older Firefox binaries trust BugHog certs again
- Use threading to make /report/ endpoint more responsive
- Improve websocket robustness
- Add logo
- Update dependencies
GJFR authored Aug 2, 2024
2 parents 325c655 + f5e48ec commit 07e896c
Showing 21 changed files with 256 additions and 177 deletions.
51 changes: 29 additions & 22 deletions README.md
@@ -1,26 +1,31 @@
# BugHog

![pytest_job](https://github.com/DistriNet/BugHog/actions/workflows/run-tests-and-linter.yml/badge.svg?branch=main)
<a href="https://hub.docker.com/r/bughog/core">![Docker Image Version (tag)](https://img.shields.io/docker/v/bughog/core/latest?logo=docker)</a>
<a href="https://hub.docker.com/r/bughog/core">![Docker Image Size](https://img.shields.io/docker/image-size/bughog/core?logo=docker)</a>

<div align="center">
<img alt="BugHog logo" src="./assets/bughog_logo_long.svg" height="186"/>
<div>
<img alt="pytest_job" src="https://github.com/DistriNet/BugHog/actions/workflows/run-tests-and-linter.yml/badge.svg?branch=main" />
<a href="https://hub.docker.com/r/bughog/core"><img alt="Docker Image Version (tag)" src="https://img.shields.io/docker/v/bughog/core/latest?logo=docker" /></a>
<a href="https://hub.docker.com/r/bughog/core"><img alt="Docker Image Size" src="https://img.shields.io/docker/image-size/bughog/core?logo=docker" /></a>
</div>
</div>
<br>

BugHog is a powerful framework designed specifically to address the challenging task of pinpointing the exact code revisions in which a particular browser bug was introduced or fixed.

This framework has been developed as part of the _"A Bug's Life: Analyzing the Lifecycle and Mitigation Process of Content Security Policy Bugs"_ paper to identify Content Security Policy bug lifecycles, published at [USENIX Security '23](https://www.usenix.org/conference/usenixsecurity23/presentation/franken).

<img
src="https://secartifacts.github.io/usenixsec2023/usenixbadges-available.png"
alt="USENIX Association artifact evaluated badge"
width="100"/>
<img
src="https://secartifacts.github.io/usenixsec2023/usenixbadges-functional.png"
alt="USENIX Association artifact functional badge"
width="100"/>
<img
src="https://secartifacts.github.io/usenixsec2023/usenixbadges-reproduced.png"
alt="USENIX Association artifact reproduced badge"
width="100"/>
<div align="center">
<img
src="https://secartifacts.github.io/usenixsec2023/usenixbadges-available.png"
alt="USENIX Association artifact evaluated badge"
width="100"/>
<img
src="https://secartifacts.github.io/usenixsec2023/usenixbadges-functional.png"
alt="USENIX Association artifact functional badge"
width="100"/>
<img
src="https://secartifacts.github.io/usenixsec2023/usenixbadges-reproduced.png"
alt="USENIX Association artifact reproduced badge"
width="100"/>
</div>


## Getting started :rocket:
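
Review bot: in the centered USENIX badge block, the first `<img>` loads `usenixbadges-available.png` but its alt text reads "USENIX Association artifact evaluated badge", so screen readers and broken-image fallbacks announce the wrong badge. Since these lines are being re-indented anyway, change it to `alt="USENIX Association artifact available badge"` so it matches the naming of the functional and reproduced badges.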
Expand All @@ -47,10 +52,12 @@ If BugHog is started on a remote server, substitute 'localhost' with the appropr

> [!NOTE]
> Depending on your Docker configuration, you might have to use `sudo ./scripts/[..]`.
>
> BugHog in default configuration will spin up its own MongoDB container, which persists data in the [/database](/database/) folder.
> Configuring BugHog to use your own MongoDB and other options are explained [here](https://github.com/DistriNet/BugHog/wiki/Configuration-options).
> [!TIP]
> BugHog in default configuration will spin up its own MongoDB container, which persists data in the [/database](/database/) folder.
> Configuring BugHog to use your own MongoDB (and other options) are explained [here](https://github.com/DistriNet/BugHog/wiki/Configuration-options).
> Our [30-minute tutorial](https://github.com/DistriNet/BugHog/wiki/Tutorial) will guide you on how to use BugHog to trace a real bug's lifecycle!
To stop BugHog, simply run this in the project root:
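
Review bot: in the new `> [!TIP]` block, the sentence "Configuring BugHog to use your own MongoDB (and other options) are explained [here]" has a singular subject with a plural verb and reads as if the options themselves are being configured to use MongoDB. Something like "How to use your own MongoDB, along with other configuration options, is explained [here]" is clearer. Also confirm that the `> [!TIP]` marker is the first line of its own blockquote, separated from the `> [!NOTE]` block by an unquoted blank line, because GitHub only renders an alert marker when it opens the blockquote.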

Expand All @@ -59,7 +66,7 @@ To stop BugHog, simply run this in the project root:
```


## Development
## Development :hammer_and_wrench:

Use the following commands to build the Docker images yourself, for instance after you made changes to the source code:
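
Review bot: appending `:hammer_and_wrench:` to the `## Development` heading changes the anchor GitHub generates for it, so any existing deep link to `#development` (wiki, docs, issue templates) stops resolving. The same applies to `## Support and contact :phone:` in the next hunk. Either grep the wiki and docs for links to the old anchors and update them in this commit, or keep the headings as plain text.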

Expand Down Expand Up @@ -88,7 +95,7 @@ For debugging the core application, consider using the VS Code dev container.
You can utilize the configuration in [.devcontainer](.devcontainer) for this.


## Support and contact
## Support and contact :phone:

More information on how to use BugHog can be found [here](/docs/SUPPORT.md).

1 change: 1 addition & 0 deletions assets/bughog_logo_long.svg
4 changes: 4 additions & 0 deletions bci/analysis/plot_factory.py
Expand Up @@ -53,6 +53,10 @@ def __add_outcome_info(params: PlotParameters, docs: dict):
target_mech_id = params.target_mech_id if params.target_mech_id else params.mech_group

for doc in docs:
# DISCLAIMER:
# Because Nginx takes care of all HTTPS traffic, flask (which doubles as proxy) only sees HTTP traffic.
# Browser <--HTTPS--> Nginx <--HTTP--> Flask

# Backwards compatibility
requests_to_target = list(filter(lambda x: f'/report/?leak={target_mech_id}' in x['url'], doc['results']['requests']))
# New way
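
Review bot: the comment added at the top of the `for doc in docs:` loop is labelled DISCLAIMER and describes the Browser/Nginx/Flask topology, but it never says what that means for the code directly under it. State the consequence for the `x['url']` values being filtered, for example whether recorded request URLs always carry the HTTP scheme because Flask sits behind Nginx, so the next reader knows why the match is on the `/report/?leak=` path rather than on a full URL. Since it describes the deployment rather than anything per-iteration, it would also sit better in the function docstring than inside the loop body.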
23 changes: 11 additions & 12 deletions bci/browser/configuration/firefox.py
Expand Up @@ -94,21 +94,20 @@ def _prepare_profile_folder(self):
else:
self._profile_path = prepare_firefox_profile('default-67')

# Make Firefox trust the proxy CA and server CA
# cert9.db key4.db pkcs11.txt
# Make Firefox trust the bughog CA

# For newer Firefox versions (> 57):
# Generate SQLite database: cert9.db key4.db pkcs11.txt
cli.execute(
f'certutil -A -n bughog-ca -t CT,c -i /etc/nginx/ssl/certs/bughog_CA.crt -d sql:{self._profile_path}'
)
# Normally: cert8.db key3.db secmod.db, however: cert9.db key4.db pkcs11.txt
# For older Firefox versions (<= 57):
# Generate in Berkeley DB database: cert8.db, key3.db, secmod.db
cli.execute(
f'certutil -A -n bughog-ca -t CT,c -i /etc/nginx/ssl/certs/bughog_CA.crt -d {self._profile_path}'
f'certutil -A -n bughog-ca -t CT,c -i /etc/nginx/ssl/certs/bughog_CA.crt -d dbm:{self._profile_path}'
)

# The certutil in the docker image refuses to create cert8.db, so we copy
# an existing cert8.db which accepts the necessary CAs
cli.execute(f'cp /app/browser/profiles/firefox/cert8.db {self._profile_path}')
# How to create a cert8.db?
# Current certutils versions do not support creating cert8.db anymore.
# However, older Firefox versions (<= 57) embed an old version the certutils library libnss3.so.
# Use this by `LD_LIBRARY_PATH=firefox/libnss3.so certutil -A -n bughog-ca -t CT,c -i /home/bci/bughog_ca.crt -d dbm:.{self._profile_path}`.
# Your cert8.db will be created in the current directory.
# More info:
# - https://support.mozilla.org/en-US/questions/1207165
# - https://stackoverflow.com/questions/1435000/programmatically-install-certificate-into-mozilla
# - https://ftpdocs.broadcom.com/cadocs/0/CA%20SiteMinder%20r12%20SP3-ENU/Bookshelf_Files/HTML/idocs/792390.html
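
Review bot: the `dbm:` call for Firefox <= 57 has no check on its outcome, while the comments in this same hunk say the certutil in the Docker image refuses to create cert8.db and that current certutil versions no longer support it. If that still holds for the image, `certutil ... -d dbm:{self._profile_path}` fails and older Firefox builds silently start without trusting the BugHog CA, which shows up later as TLS errors in experiment results rather than as a setup failure. Check the result of `cli.execute` (or verify that `cert8.db` exists in the profile afterwards) and raise on failure, and add a short comment stating which of the two mechanisms, the `dbm:` call or a pre-built cert8.db, is the supported path. If the "How to create a cert8.db?" instructions are kept, the example there has a stray dot in `-d dbm:.{self._profile_path}` and sets `LD_LIBRARY_PATH` to the `libnss3.so` file itself, where the variable expects the directory containing it.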