nav search
Data Centre Software Security DevOps Business Personal Tech Science Emergent Tech Bootnotes

back to article
Hot fuzz: Bug detectives whip up smarter version of classic AFL fuzzer to hunt code vulnerabilities


Interesting stuff

On the test-data-stochasticity spectrum this sits somewhere between coverage-guided fuzzing and old-school deterministic test inputs. Explicitly supplying a format specification spoils the elegance of it but if effectiveness improves, what's not to like? Oh, right - you have to have the format specification in the first place. Other than that, nice work indeed.

Anonymous Coward
Anonymous Coward

Does it it cats?

like the real Alf

Michael Wojcik
Silver badge

Network protocol fuzzing

There have been some projects to use the AFL engine to do network-protocol fuzzing, in addition to file-format fuzzing. I haven't looked into them in a while. It'd be interesting to see how much work it would take to adapt AFLSmart to that sort of use.

Of course, you can always create client and server drivers that use an input file to generate the network traffic, and fuzz that. Or stub out your networking logic with equivalent file I/O. But having builtin network capability would be useful.

I remember when Zalewski first made afl-fuzz (the original American Fuzzy Lop command-line fuzzer) public - I think I have the email archived somewhere in one of those "take a look at this" collections. It's hard to believe that (according to the CHANGES file) it's only been five years. Lots of bugs have been found by it in that time.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

The Register - Independent news and views for the tech community. Part of Situation Publishing