PDF Application Testing with beSTORM

Step 1:

Create a directory to hold the PDF files. For example:


Make sure your user has permission to write in that directory (for example, open notepad, write something, and save it in C:PDF to see that it can be saved without a permission error)

Step 2:


Click on New Project

Give the project a name and click Next

From the list of modules, select PDF. On this same screen, fill in the Output directory to the directory in step 1 (in our example:C:PDF)

Step 3:

Click Next on the Module Environment screen

Step 4:

Click Next to skip the monitor configuration.

Step 5:

Click Finish to start creating the PDF file.

beSTORM will now start running and will create PDF files in the directory C:PDF



To speed up the process, you can pull the SPS slider (on the bottom left of the screen) to increase the file generation speed:


Stop the process (by clicking Pause) when you fill you have enough PDF files. Do not wait for beSTORM to finish since the number of possible PDF files is in the trillions of files.

Step 6:

The directory C:PDF will now have many subdirectories containing PDF files.
All these files are malformed PDF files that will be used to test the PDF application for security holes.

Locate the following .BAT files:





These are Windows script files and can be easily change to accommodate your environment. Make the following changes:



1. Locate the line that looks like:

(set threads=T1 T2 T3 T4 T5)(set inputdir=c:jpeg)

change c:jpeg to the directory where the PDF files are located (in our case C:/PDF)

2. Locate the line that looks like:

set appname= c:WINDOWSsystem32mspaint.exe

Change the application name to the path to Acrobat reader on your computer. Make sure to keep the double quotes before and after the full path.

Once you have made these modifications, run


Either from command line or by double-clicking the batch file. If you have configured everything correctly, you should see acrobat reader being opened automatically, loading the PDF files, and automatically shutting down after a few seconds.