
Fuzzing Review

sodas 2021. 2. 1. 14:54

Fuzzing is one of the most powerful strategies for identifying security problems in real-world software. It is responsible for the vast majority of remote code execution and privilege escalation bugs found to date in security-critical software.

There are several major fuzzing tools (fuzzers), such as AFL, libFuzzer, and honggfuzz.

 

Recommended reading for beginners:

Among the many software vulnerability discovery techniques available today, fuzzing has remained highly popular due to its conceptual simplicity, its low barrier to deployment, and its vast amount of empirical evidence in discovering real-world software vulnerabilities. At a high level, fuzzing refers to a process of repeatedly running a program with generated inputs that may be syntactically or semantically malformed. While researchers and practitioners alike have invested a large and diverse effort towards improving fuzzing in recent years, this surge of work has also made it difficult to gain a comprehensive and coherent view of fuzzing. To help preserve and bring coherence to the vast literature of fuzzing, this paper presents a unified, general-purpose model of fuzzing together with a taxonomy of the current fuzzing literature. We methodically explore the design decisions at every stage of our model fuzzer by surveying the related literature and innovations in the art, science, and engineering that make modern-day fuzzers effective.

 

The Art, Science, and Engineering of Fuzzing: A Survey

arxiv.org/abs/1812.00140

Well Known Fuzzing Tools

AFL (American fuzzy lop) is a free software fuzzer developed by Michal Zalewski at Google. Its initial release was 12 November 2013, and the code lives at github.com/google/AFL.

However, it has been unmaintained for several years, and the community has replaced it with AFL++ (American fuzzy lop plus plus). AFL++ incorporates several advanced patches that AFL lacks, such as improved LLVM and QEMU support.

 

AFL (American fuzzy lop)

github.com/google/AFL

google/AFL: american fuzzy lop - a security-oriented fuzzer.

 

AFL++ (American fuzzy lop plus plus)

AFL++ is open source under the Apache 2.0 license.

github.com/AFLplusplus/AFLplusplus

AFLplusplus/AFLplusplus: The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!

Research paper describing what AFL++ is:

aflplus.plus/papers/aflpp-woot2020.pdf

 

libFuzzer

llvm.org/docs/LibFuzzer.html

libFuzzer – a library for coverage-guided fuzz testing (LLVM 12 documentation)
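As an added example that is not code from this post, from LLVM or from the AFL++ project, here is a libFuzzer-style harness around a small bounds-checked parser, together with a minimal mutation loop that drives the same entry point when libFuzzer is not linked in. It makes concrete both the survey abstract's description of fuzzing ("repeatedly running a program with generated inputs that may be syntactically or semantically malformed") and the libFuzzer entry point. The record format, `parse_records`, `mutate`, `fuzz_loop` and the xorshift PRNG are constructed for this example; only `LLVMFuzzerTestOneInput` and the `FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` macro are libFuzzer's own.

```c
/* Added example (not from the post, LLVM or AFL++): a libFuzzer-style harness
 * around a small, bounds-checked parser, plus a minimal mutation loop that
 * drives the same entry point without libFuzzer. The record format and every
 * name except LLVMFuzzerTestOneInput are constructed for this example. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy format: a 1-byte record count followed by records of
 * [1-byte length][payload]. Returns the total payload bytes, or -1 when the
 * input is malformed. Every read is checked against `size` first; that is
 * exactly the property a fuzzer hammers on. */
int parse_records(const uint8_t *data, size_t size) {
    if (size < 1) return -1;
    size_t count = data[0];
    size_t pos = 1;
    int total = 0;
    for (size_t i = 0; i < count; i++) {
        if (pos >= size) return -1;       /* length byte missing */
        size_t len = data[pos++];
        if (len > size - pos) return -1;  /* payload would overrun the buffer */
        total += (int)len;
        pos += len;
    }
    return total;
}

/* libFuzzer entry point. Built with `clang -fsanitize=fuzzer,address`,
 * libFuzzer supplies main() and calls this with coverage-guided mutated
 * inputs; a crash or sanitizer report under it is the finding. AFL++ can
 * drive the same function through its libFuzzer-compatible driver.
 * The function must return 0. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    (void)parse_records(data, size);
    return 0;
}

/* Small xorshift32 PRNG so the stand-alone loop is reproducible. */
static uint32_t xorshift32(uint32_t *state) {
    uint32_t x = *state;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    return *state = x;
}

/* One mutation: flip a random bit, drop the last byte, or append a random
 * byte. Returns the new length, never exceeding cap. */
size_t mutate(uint8_t *buf, size_t len, size_t cap, uint32_t *rng) {
    switch (xorshift32(rng) % 3) {
    case 0: {
        if (len > 0) {
            size_t idx = xorshift32(rng) % len;
            buf[idx] ^= (uint8_t)(1u << (xorshift32(rng) % 8));
        }
        break;
    }
    case 1:
        if (len > 1) len--;
        break;
    default:
        if (len < cap) buf[len++] = (uint8_t)xorshift32(rng);
        break;
    }
    return len;
}

/* The generic mutation-based fuzz loop: start from a seed, mutate, run the
 * target, repeat. Returns how many mutated inputs the parser rejected, a
 * rough measure of how fast blind mutation wanders off the valid format
 * (which is why coverage guidance matters). */
int fuzz_loop(const uint8_t *seed, size_t seed_len, int iterations, uint32_t rng_seed) {
    uint8_t buf[64];
    size_t len = seed_len < sizeof buf ? seed_len : sizeof buf;
    uint32_t rng = rng_seed ? rng_seed : 1u;  /* xorshift must not start at 0 */
    int rejected = 0;
    memcpy(buf, seed, len);
    for (int i = 0; i < iterations; i++) {
        len = mutate(buf, len, sizeof buf, &rng);
        if (parse_records(buf, len) < 0) rejected++;
        LLVMFuzzerTestOneInput(buf, len);
    }
    return rejected;
}

/* Stand-alone driver. clang defines this macro under -fsanitize=fuzzer, so the
 * same file links against libFuzzer's own main() without edits. */
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
int main(void) {
    /* Constructed valid seed: 2 records with payloads "a" and "bc". */
    const uint8_t seed[] = {2, 1, 'a', 2, 'b', 'c'};
    printf("seed parses to %d payload bytes\n", parse_records(seed, sizeof seed));
    printf("rejected %d of 1000 mutated inputs\n", fuzz_loop(seed, sizeof seed, 1000, 42u));
    return 0;
}
#endif
```

Build the stand-alone loop with `cc harness.c -o harness`, or the real fuzzer with `clang -g -fsanitize=fuzzer,address harness.c -o harness_fuzz` and run it with a corpus directory of seed files. The rejection count from the stand-alone loop shows why the survey's taxonomy spends so much space on input generation: blind mutation quickly leaves the valid format, so coverage-guided fuzzers such as AFL++ and libFuzzer keep only inputs that reach new edges and mutate from those.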

 
