DRANZER 2.0 - Detects Vulnerabilities in ActiveX Controls

Dranzer has been released as an open source project on Source Forge to help developers of ActiveX test their controls in their development processes and to invite community participation in making Dranzer a more effective tool. Dranzer, a tool that enables users to examine effective techniques for fuzz testing ActiveX controls has been developed. The Vulnerabilities in ActiveX controls has increased in past years. Presently the Dranzer is the most effective tool for testing ActiveX controls, but does not have a GUI and does not support object modeling lifetime. This paper presents Enhancements in Dranzer which would enhance performance of Dranzer. The enhanced Dranzer can be developed by creating a GUI , With multiple API calls, in sequence and at random, extracting fuzz repository from Dranzer and making it Dynamic.

Features
  • YOU NEED TO HAVE MICROSOFT SDK FILES ON YOUR COMPUTER IN ORDER RUN THIS PROJECT.

Steps for installing Dranzer through the setup:-
1.      Open Folder
2.      Double Click on setup.exe
3.      Welcome to the samplesetup Setup Wizard à Click on  Next
4.      Select Installation Folder:-
5.      Folder -> Select path you want or select by default path -> Click on Next
6.      Confirm Installation -> Click on Next
7.      Installing Sample Setup
8.      Installation Complete -> Click on Close
9.      Open the folder as per path specified and Double on InputDialog.exe and you will get Dranzer screen.
Steps for installing Dranzer:-
1.      First of all you have to install Microsoft Visual Studio 2008 version only as dranzer is coded in same.
2.      After installing Microsoft Visual Studio 2008 open the Dranzer folder with the same
3.      Now in Solution explorer right click on InputDialog and make it as you Set Start up project.
4.      Now you need to change path in two projects:-
·         Dranzer:-
a)      Click on Dranzer in solution explorer.
b)      Click on source files Open Dranzer.cpp
c)      Change path:- "D:\\Dranzer\\Dranzer\\Debug\\TestAndReport.exe",    // module name
d)     Line no:-1633
Specify the path according to the drive in which Dranzer folder is being saved. Specify complete path.
·         InputDialog:-
a)      Change path:-
b)      L"D:\\Dranzer\\Dranzer\\Debug\\Dranzer.exe",    // module name
c)      Line no:-333
d)     Line no:- 466
Specify the path according to the drive in which Dranzer folder is being saved. Specify complete path.

Source-