yFuzz
The source code of yFuzz is ➡️ here
Please refer to the guidance of AFL here, before setting up yFuzz.
Steps:
- Get to know AFL!
- Insert `__AFL_INIT()` into the program under test at the location where you want it to fork (the deferred forkserver entry point; the macro is case-sensitive).
- Compile the program under test with the afl-clang-fast shipped in yFuzz.
- Run:
```
$ ./afl-fuzz -i testcase_dir -o findings_dir -m mem_limit /path/to/program @@
```
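As an added illustration of the second step (not yFuzz's own code), below is a minimal stateful protocol parser harnessed for afl-clang-fast: one-time setup runs before `__AFL_INIT()`, and only the per-message work is forked for each test case read from the `@@` file. The message format and session logic are constructed for the example; `__AFL_HAVE_MANUAL_CONTROL` and `__AFL_INIT()` are AFL's llvm_mode macros.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum proto_state { ST_INIT = 0, ST_HELLO = 1, ST_AUTHED = 2 };

/* Constructed wire format: 1-byte type, 1-byte payload length, payload.
 * Types: 1 = HELLO, 2 = AUTH (payload "pass"), 3 = DATA.
 * Returns the next state, or -1 for a malformed or out-of-order message. */
int step_protocol(int state, const uint8_t *msg, size_t len) {
    if (len < 2 || (size_t)msg[1] + 2 > len) return -1;   /* length field must fit */
    switch (msg[0]) {
    case 1: return state == ST_INIT ? ST_HELLO : -1;
    case 2: return (state == ST_HELLO && msg[1] == 4 &&
                    memcmp(msg + 2, "pass", 4) == 0) ? ST_AUTHED : -1;
    case 3: return state == ST_AUTHED ? ST_AUTHED : -1;
    default: return -1;
    }
}

/* Feeds a buffer of concatenated messages through the state machine.
 * Returns the final state, or -1 as soon as a message is rejected. */
int run_session(const uint8_t *buf, size_t len) {
    int state = ST_INIT;
    size_t off = 0;
    while (off < len && state >= 0) {
        state = step_protocol(state, buf + off, len - off);
        if (state >= 0) off += 2 + buf[off + 1];
    }
    return state;
}

int main(int argc, char **argv) {
    if (argc < 2) return 1;
    /* Expensive one-time setup (config parsing, key loading, ...) belongs here,
     * before the fork point, so every fuzzed child skips it. */
#ifdef __AFL_HAVE_MANUAL_CONTROL
    __AFL_INIT();   /* fork point: everything below runs once per test case */
#endif
    FILE *f = fopen(argv[1], "rb");   /* afl-fuzz substitutes the test case for @@ */
    if (!f) return 1;
    static uint8_t buf[4096];
    size_t n = fread(buf, 1, sizeof buf, f);
    fclose(f);
    return run_session(buf, n) < 0 ? 1 : 0;
}
```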
Some of the configuration variables in `config.h` that you can tune to your own understanding of, or needs for, the protocol under test:
- `MIN_CYCLE_TO_PROCEED`: the minimum number of cycles that must finish before the fuzzing state may change.
- `MAX_CYCLE_TO_REGRESS`: the maximum number of cycles the current fuzzing state may run; once this number is reached, a change of fuzzing state is enforced.
- `Q_MAX_PATHS`: the maximum number of paths the current fuzzing queue is allowed to hold; this prevents the fuzzing state from getting trapped.
Here a cycle means one fuzzing cycle from the first entry of the fuzzing queue to the end of the queue. These parameters can be configured to better suit specific protocols under test and to fuzz faster. Try it out!
Publications:
- Chen, Y., Lan, T. and Venkataramani, G., 2019, November. Exploring Effective Fuzzing Strategies to Analyze Communication Protocols. In Proceedings of the 3rd ACM Workshop on Forming an Ecosystem Around Software Transformation (FEAST, co-located with ACM CCS), Toronto (pp. 17-23).
- yFuzz: a yield-driven progressive fuzzer for stateful communication protocols. Under review.
Project homepage for protocol customization, SEAS, GWU