Proposal / Submission Type

Peer Reviewed Paper

Abstract

Fuzzing techniques are applied to reveal different types of bugs and vulnerabilities. American Fuzzy Lop (AFL) is a free and highly popular software fuzzer that many other fuzzing frameworks build on. AFL supports an autonomous mode of operation that feeds the output of each step into the next; as a result, the fuzzer spends a lot of time analysing minor code sections. By making the fuzzing process more focused and human-controlled, a security expert can save time and find more bugs in less time. We designed a new module that fuzzes only the specified functions. As a result, the chosen functions are inspected more meticulously by the fuzzer, without time being wasted on minor code sections. The module provides an API so that an expert can change at runtime which functions need attention. The module has been integrated with AFL and successfully meets this challenge.
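To make the idea concrete, here is an added illustration (not the paper's module, and not AFL's own code) of how a function-scoped coverage filter can steer a coverage-guided fuzzer: edges recorded inside non-target functions are dropped before the "new coverage" check, so only inputs that reach new paths in the chosen functions are kept, and the target set can be changed at runtime through a small API. Map size, the edge hashing and all names are assumptions, and AFL's bucketed hit counts are simplified to a plain seen/unseen bit.

```c
/* Hypothetical sketch of a function-scoped coverage filter in the spirit of
 * the module the abstract describes. Not the paper's code: names, sizes and
 * the edge hashing scheme are assumptions. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdbool.h>

#define MAP_SIZE 1024      /* assumed edge-coverage map size (AFL uses 64 KiB) */
#define MAX_TARGETS 16

static uint8_t trace_bits[MAP_SIZE];   /* edge hit counts for one execution */
static uint8_t virgin_bits[MAP_SIZE];  /* edges already seen across all inputs */
static uint32_t targets[MAX_TARGETS];  /* ids of functions the expert wants fuzzed */
static size_t n_targets;

/* Runtime API: replace the set of target functions. n == 0 means no filter. */
void set_target_functions(const uint32_t *ids, size_t n) {
    if (n > MAX_TARGETS) n = MAX_TARGETS;
    if (n) memcpy(targets, ids, n * sizeof(uint32_t));
    n_targets = n;
}

static bool is_target(uint32_t func_id) {
    if (n_targets == 0) return true;   /* no filter configured: fuzz everything */
    for (size_t i = 0; i < n_targets; i++)
        if (targets[i] == func_id) return true;
    return false;
}

/* Instrumentation hook, called on every basic-block transition. Edges inside
 * non-target functions are ignored, so they can never count as new coverage. */
void trace_edge(uint32_t func_id, uint32_t prev_loc, uint32_t cur_loc) {
    if (!is_target(func_id)) return;
    trace_bits[(prev_loc ^ cur_loc) % MAP_SIZE]++;
}

void begin_execution(void) { memset(trace_bits, 0, sizeof trace_bits); }
void reset_corpus_state(void) { memset(virgin_bits, 0, sizeof virgin_bits); }

/* After an execution: true if the input hit a previously unseen edge inside a
 * target function, i.e. it is worth keeping in the fuzzer's queue. */
bool has_new_coverage(void) {
    bool found = false;
    for (size_t i = 0; i < MAP_SIZE; i++)
        if (trace_bits[i] && !virgin_bits[i]) { virgin_bits[i] = 1; found = true; }
    return found;
}
```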


Human-Controlled Fuzzing With AFL
