FormatFuzzer: Effective Fuzzing of Binary File Formats

Dutra, Rafael Cypriano; Gopinath, Rahul; Zeller, Andreas

doi:10.48550/arxiv.2109.11277

Cited by 1 publication

(2 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We note such test cases as format-well. Representative work in this category includes: peach [7], LangFuzz [6], AFLSmart [8], QuickFuzz [9], FormatFuzzer [10], FaFuzzer [11].…”

Section: Format-aware Fuzzingmentioning

confidence: 99%

“…Based on the given data definition template written in XML, peach [7] is widely used to generate a large number of test cases meeting the file format, network protocol, or API and tests the robustness with targets including file parsers, network services, and web browsers. Fuzzers [8][9][10][11] are also similar to peach in that the user-supplied format template is required to parse and construct test cases following the format requirements. This type of method is fast and comprehensive, but labor-intensive and cannot identify unknown input format targets.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Fast Format-Aware Fuzzing for Structured Input Applications

Chen

Zhu

et al. 2022

Applied Sciences

View full text Add to dashboard Cite

Fuzzing is one of the most successful software testing techniques used to discover vulnerabilities in programs. Without seeds that fit the input format, existing runtime dependency recognition strategies are limited by incompleteness and high overhead. In this paper, for structured input applications, we propose a fast format-aware fuzzing approach to recognize dependencies from the specified input to the corresponding comparison instruction. We divided the dependencies into Input-to-State (I2S) and indirect dependencies. Our approach has the following advantages compared to existing works: (1) recognizing I2S dependencies more completely and swiftly using the input based on the de Bruijn sequence and its mapping structure; (2) obtaining indirect dependencies with a light dependency existence analysis on the input fragments. We implemented a fast format-aware fuzzing prototype, FFAFuzz, based on our method and evaluated FFAFuzz in real-world structured input applications. The evaluation results showed that FFAFuzz reduced the average time overhead by 76.49% while identifying more completely compared with Redqueen and by 89.10% compared with WEIZZ. FFAFuzz also achieved higher code coverage by 14.53% on average compared to WEIZZ.

show abstract

“…We note such test cases as format-well. Representative work in this category includes: peach [7], LangFuzz [6], AFLSmart [8], QuickFuzz [9], FormatFuzzer [10], FaFuzzer [11].…”

Section: Format-aware Fuzzingmentioning

confidence: 99%