Spiderpig: A PDF JavaScript Fuzzer!
June 11, 2010
Adobe and other Portable Document Format (PDF) vendors use JavaScript in their PDF formats to enhance standard workflow, for example connecting to a database, spell checking, printing and viewing. When we open a PDF in, say, Adobe Reader, it executes this JavaScript code. So the goal of Spiderpig is to find bugs in the PDF reader’s JavaScript engine.
Spiderpig reads method prototypes from an input file, creates a stream of JavaScript code from them, and adds this stream to a PDF file using the makepdf module. Many of the PDF fuzzers out there on the World Wide Web are file format fuzzers, which try to fuzz Adobe’s file format implementation. We didn’t discover a single fuzzer that fuzzes Adobe’s JavaScript implementation, so on those lines we now have Spiderpig, a JavaScript fuzzer for the PDF file format that tries to screw up the PDF reader using JavaScript methods. Spiderpig uses a brute-force method to abuse the reader, creating methods that use the full range of evil parameters possible!
As fuzzers are very helpful in finding bugs and errors, this one is specifically for PDF. There are other tools that do the same things, which we have discussed earlier. This one targets only the JavaScript engine of the reader. The source file contains a few hard-coded instructions that aid the fuzzer, which can be changed if you stumble upon something. That’s something we have always appreciated about open source applications.
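The pipeline described above (prototype list, generated JavaScript stream, PDF wrapper) as an added sketch for testing a reader you maintain; it is not Spiderpig's code and does not use its makepdf module. The `name(type,...)` prototype syntax, the type names and the boundary values are assumptions made for this example.

```python
import itertools
import re

# Assumed parameter type names mapped to constructed boundary values (JS source text).
VALUES = {
    "string": ['""', 'new Array(65537).join("A")', "null"],
    "number": ["0", "-1", "2147483648", "NaN"],
    "boolean": ["true", "false", "undefined"],
}

def parse_prototype(line):
    """'app.alert(string,number)' -> ('app.alert', ['string', 'number'])"""
    m = re.fullmatch(r"\s*([\w.]+)\s*\(([^()]*)\)\s*", line)
    if not m:
        raise ValueError(f"bad prototype: {line!r}")
    params = [p.strip() for p in m.group(2).split(",") if p.strip()]
    unknown = [p for p in params if p not in VALUES]
    if unknown:
        raise ValueError(f"unknown parameter type(s): {unknown}")
    return m.group(1), params

def make_calls(line):
    """Every combination of boundary values; try/catch keeps one throw from ending the run."""
    name, params = parse_prototype(line)
    combos = itertools.product(*(VALUES[p] for p in params))
    return [f"try {{ {name}({', '.join(c)}); }} catch (e) {{}}" for c in combos]

def build_pdf(js):
    """Minimal one-page PDF whose open action runs the JavaScript stream (object 5)."""
    data = js.encode("latin-1")
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >>",
        b"<< /S /JavaScript /JS 5 0 R >>",
        b"<< /Length %d >>\nstream\n%s\nendstream" % (len(data), data),
    ]
    out, offsets = bytearray(b"%PDF-1.4\n"), []
    for num, body in enumerate(objs, 1):
        offsets.append(len(out))  # byte offset of each object, needed by the xref table
        out += b"%d 0 obj\n%s\nendobj\n" % (num, body)
    xref = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objs) + 1)
    out += b"".join(b"%010d 00000 n \n" % off for off in offsets)
    out += b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % (len(objs) + 1, xref)
    return bytes(out)

def fuzz_case(prototypes):
    """One PDF test case covering every generated call for the given prototypes."""
    return build_pdf("\n".join(c for p in prototypes for c in make_calls(p)))
```

Each generated file exercises one batch of calls, so a crash in the reader under test can be traced back to the prototypes passed to `fuzz_case`.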
Operating systems supported:
Currently supports all operating systems that allow you to use Python.
Download Spiderpig here