Network fuzzing with american fuzzy lop
American fuzzy lop is a remarkable tool, but it always had a big limitation: It only worked for file inputs.
There had been different attempts to adapt networking to afl. There's a tool called preeny that works by preloading a library. I created a similar approach myself, however I never published it, the approach was very error-prone and only worked on very few applications.
Now there is a new attempts for fuzzing network input with afl and based on my first experiences it seems to work much better. Doug Birdwell created a modified version of afl that allows to fuzz networking inputs. It's relatively simple to use, just check out the documentation. For example I fuzzed wget with this command line:
afl-fuzz -i in -o out -t 30+ -D 7 -m none -L -Ntcp://localhost:8082 ./wget -O - -t 1 http://localhost:8082/test.htm
This doesn't just work in theory, Doug Birdwell reported on the afl-users mailing list that one of the bugs fixed with the latest release of ntp (CVE-2015-7855) was found with this new afl variant.
Having a networking variant of afl is a huge step to make it even more useful.
There had been different attempts to adapt networking to afl. There's a tool called preeny that works by preloading a library. I created a similar approach myself, however I never published it, the approach was very error-prone and only worked on very few applications.
Now there is a new attempts for fuzzing network input with afl and based on my first experiences it seems to work much better. Doug Birdwell created a modified version of afl that allows to fuzz networking inputs. It's relatively simple to use, just check out the documentation. For example I fuzzed wget with this command line:
afl-fuzz -i in -o out -t 30+ -D 7 -m none -L -Ntcp://localhost:8082 ./wget -O - -t 1 http://localhost:8082/test.htm
This doesn't just work in theory, Doug Birdwell reported on the afl-users mailing list that one of the bugs fixed with the latest release of ntp (CVE-2015-7855) was found with this new afl variant.
Having a networking variant of afl is a huge step to make it even more useful.