Hot fuzz: Bug detectives whip up smarter version of classic AFL fuzzer to hunt code vulnerabilities

A group of university researchers from around the globe have teamed up to develop what they say is a powerful new tool to root out security flaws. Known as AFLSmart, this fuzzing software is built on the powerful American Fuzzy Lop toolkit. We're told AFLSmart is pretty good at testing applications for common security flaws, …

  1. IfYouInsist

    Interesting stuff

    On the test-data-stochasticity spectrum this sits somewhere between coverage-guided fuzzing and old-school deterministic test inputs. Explicitly supplying a format specification spoils the elegance of it but if effectiveness improves, what's not to like? Oh, right - you have to have the format specification in the first place. Other than that, nice work indeed.

  2. Anonymous Coward

    Does it eat cats?

    like the real Alf

  3. Michael Wojcik

    Network protocol fuzzing

    There have been some projects to use the AFL engine to do network-protocol fuzzing, in addition to file-format fuzzing. I haven't looked into them in a while. It'd be interesting to see how much work it would take to adapt AFLSmart to that sort of use.

    Of course, you can always create client and server drivers that use an input file to generate the network traffic, and fuzz that. Or stub out your networking logic with equivalent file I/O. But having built-in network capability would be useful.

    I remember when Zalewski first made afl-fuzz (the original American Fuzzy Lop command-line fuzzer) public - I think I have the email archived somewhere in one of those "take a look at this" collections. It's hard to believe that (according to the CHANGES file) it's only been five years. Lots of bugs have been found by it in that time.
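The file-driven harness the comment above describes, as an added example that is neither the article's nor the commenter's code: a hypothetical length-prefixed message format is parsed from a file that stands in for the socket read, so afl-fuzz (or AFLSmart) can drive it with ordinary file inputs. The message layout, the `MAX_MSG` bound and the sample stream are all constructed for this example.

```c
/* Added example: AFL-style harness that fuzzes a network-protocol parser
 * through a file instead of a socket. The protocol is hypothetical:
 * 2-byte big-endian body length, 1-byte message type, then the body.
 * The recv() call is replaced by equivalent file I/O in main(). */
#include <stdint.h>
#include <stdio.h>

#define MAX_MSG 4096   /* upper bound on a body; rejects absurd lengths */

/* Constructed sample stream: one 2-byte message of type 0x01, then one
 * empty message of type 0x07. */
static const uint8_t SAMPLE_STREAM[] = {0x00, 0x02, 0x01, 0xAA, 0xBB,
                                        0x00, 0x00, 0x07};

/* Parse one message at buf. Returns bytes consumed, or -1 if the header is
 * incomplete, the length is oversized, or the body runs past the data. */
int parse_message(const uint8_t *buf, size_t len, uint8_t *type) {
    if (len < 3) return -1;                        /* header incomplete */
    size_t body = ((size_t)buf[0] << 8) | buf[1];
    if (body > MAX_MSG) return -1;                 /* oversized length */
    if (len - 3 < body) return -1;                 /* body exceeds input */
    *type = buf[2];
    return (int)(3 + body);
}

/* Walk a whole captured stream, counting well-formed messages and
 * stopping at the first malformed one. */
int count_messages(const uint8_t *buf, size_t len) {
    int n = 0;
    size_t off = 0;
    uint8_t type;
    while (off < len) {
        int used = parse_message(buf + off, len - off, &type);
        if (used < 0) break;
        off += (size_t)used;
        n++;
    }
    return n;
}

/* Harness entry: afl-fuzz passes the mutated input file as argv[1]; read it
 * where a server would call recv() and hand it to the parser. */
int main(int argc, char **argv) {
    if (argc < 2) return 1;
    FILE *f = fopen(argv[1], "rb");
    if (!f) return 1;
    static uint8_t data[65536];
    size_t len = fread(data, 1, sizeof data, f);
    fclose(f);
    printf("%d well-formed messages\n", count_messages(data, len));
    return 0;
}
```

Compile with afl-gcc (or afl-clang-fast) and point afl-fuzz at a seed directory containing a few captured messages written to files; the same binary runs unchanged outside the fuzzer.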
