BugHog is a powerful framework designed specifically to address the challenging task of pinpointing the exact revisions in which a particular browser bug was introduced or fixed.
This framework has been developed as part of the "A Bug's Life: Analyzing the Lifecycle and Mitigation Process of Content Security Policy Bugs" paper to identify Content Security Policy bug lifecycles, published at USENIX Security '23.
BugHog is compatible with UNIX systems running Docker, including WSL on Windows. Follow these steps to get started:
-
Clone this repository:
git clone https://github.com/DistriNet/BugHog cd BugHog
-
Obtain images:
You will need at least 5 GB of disk space. There are two options available to obtain the BugHog images, and you can switch between them by executing the appropriate command.
Option A: Pulling (fastest)
Use the following command to pull the necessary Docker images:
docker compose pull core worker web
๐ก If you prefer to use a version other than the latest, simply modify the
BUGHOG_VERSION
and / orBUGHOG_WEB_VERSION
variables accordingly.Option B: Building
Use the following commands to build the Docker images yourself, for instance after you made changes to the source code:
docker compose build core worker web
๐ก For reference, building takes about 4 minutes on a machine with 8 CPU cores and 8 GB of RAM.
Launch BugHog using the following command:
docker compose up -d
โ ๏ธ If you usesudo
with this command, thePWD
environment variable won't be passed to the BugHog containers, which is necessary for dynamically starting worker containers. To avoid this, explicitly pass on this variable:sudo PWD=$PWD docker compose up
.
Open your web browser and navigate to http://localhost:5000 to access the graphical interface. If BugHog is started on a remote server, substitute 'localhost' with the appropriate IP address.
BugHog can be stopped through:
docker compose down
โ ๏ธ BugHog's own MongoDB instance will persist data within the database folder. Be sure to back-up accordingly, or use your own MongoDB instance as explained below.
By default, BugHog uses a MongoDB container to store data. If you prefer storing data in your own MongoDB instance, follow these steps:
-
Create a
.env
file from.env.example
(both in the config folder) and fill in the missing database values. -
(Re)start BugHog.
Instructions to add your own custom experiments to the server can be found here. Be sure to restart the BugHog framework when you add a new experiment:
docker compose down
docker compose up -d
For extending or debugging the Vue UI, the most convenient approach is to launch an interactive Node environment. The UI can be visited at http://localhost:5173.
docker compose up node_dev
For debugging the core application, consider using the VS Code dev container. You can utilize the configuration in .devcontainer for this.
Don't hesitate to open a GitHub issue if you encounter a bug or want to suggest a feature!
For questions or collaboration, you can reach out to Gertjan Franken.
If something isn't working as expected, check out the troubleshooting tips below. If you don't find a solution, don't hesitate to open a GitHub issue. Feel free to include any relevant logs.
- Try launching BugHog without the
-d
flag to see logging output in the terminal, which might provide more information about the issue. - For more detailed logs at the
DEBUG
level, check out the logs folder for all logging files.
- Ensure you clone the BugHog project to the WSL file system instead of the Windows file system, and launch it from there. Virtualization between these file systems can cause complications with file management.