Questions tagged [fuzzing]

Fuzzing, or fuzz testing, is a type of software test in which the software is presented with invalid input to find errors in input validation and handling.

Fuzz testing is usually automated: a fuzzer generates or mutates inputs, feeds them to the target, and watches for crashes, hangs, or sanitizer reports.

Wikipedia Article

258 questions
3 votes, 1 answer

Git diff explanation for sshd

I have a diff: diff --git openbsd-compat/arc4random.c openbsd-compat/arc4random.c --- openbsd-compat/arc4random.c +++ openbsd-compat/arc4random.c @@ -242,7 +242,7 @@ void arc4random_buf(void *buf, size_t n) { _ARC4_LOCK(); - …
Hessnov
3 votes, 1 answer

Enable AddressSanitizer by default in gcc

To be able to debug and fuzz a whole Linux distribution, I would like to set ASAN (AddressSanitizer, https://en.wikipedia.org/wiki/AddressSanitizer) as the default option for gcc. So normally to achieve what I want, generally, I set the following…
VP.
3 votes, 1 answer

How to know that the application has finished processing file?

I am trying to automate the instrumentation which I am doing in the application, but the problem is I am dealing with applications which do not exit by themselves after processing. For example, take any PDF viewer/reader: if I open a file, the file is…
user2823667
3 votes, 1 answer

Boofuzz Doesn't Restart Process After Crash

I'm learning how to fuzz using boofuzz. I have everything set up on a Windows 7 VM. The target is the Vulnserver application. Since I know the TRUN, GMON, and KSTET commands are vulnerable, I put these commands in a s_group list. I expect the…
3 votes, 2 answers

Random object generator in JavaScript

I need a random object generator in JavaScript that generates a variety of objects with different fields and values. Any ideas where I can find such a tool? I need to generate random objects with various complexity. My goal is to use JSON in order to…
Gjorgji
2 votes, 1 answer

How to debug go fuzzing?

I am trying to debug the fuzzing part in golang sdk (go/internal/fuzz) with GoLand, with a demo like this: package awesomeProject1 import "testing" func fn(s string) int { var sum int for _, i := range s { sum += int(i) } …
Msk
2 votes, 1 answer

How to set up Web API Fuzzing in Gitlab in a repository with multiple services?

I have a repository that has multiple microservices in it. As part of that, each service has its own OpenAPI 3.0 spec. There is only one .gitlab-ci.yaml file in the repository, but it is not clear in the existing documentation on how to have…
Muttonchop
2 votes, 3 answers

Fuzzing/reverse engineering virtual machines

I'm a beginner/intermediate at reverse engineering and I’m trying to make the leap to expert. I want to do a project on virtual machines specifically escaping them and was wondering if fuzzing could be applied to them. Such as fuzzing the networking…
2 votes, 1 answer

How do I fuzz a nil value in Go 1.18?

I am trying to use Go 1.18 go test -fuzz command to fuzz nil values so that I can ensure I didn't forget safety checks before attempting to dereference a pointer to a string. Here is my attempt: // main.go package main import ( "fmt" ) func…
Ben
2 votes, 0 answers

How does one create insertion or deletion mutations using LibFuzzer?

libFuzzer has functions that can be implemented by the end-user like this: size_t LLVMFuzzerCustomMutator( uint8_t* data, size_t size, size_t max_size, unsigned int seed) Am I free to sometimes insert some bytes in data thereby making it…
Sean McCauliff
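One shape a custom mutator that inserts and deletes bytes can take, as an added example that is not the asker's code nor part of libFuzzer itself. It relies only on the documented contract of `LLVMFuzzerCustomMutator` (mutate in place, return the new size, never exceed `max_size`, be deterministic for a given `seed`); the helper names `mut_insert`, `mut_delete` and the xorshift PRNG are this example's own choices. A real harness would usually also fall back to `LLVMFuzzerMutate` for the cases it does not handle; that call is omitted here so the file compiles and runs without the libFuzzer runtime.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Reproducible PRNG: libFuzzer hands the mutator a seed so that the same
 * (input, seed) pair always yields the same mutation, which keeps crashes
 * reproducible. xorshift32 is enough for that; it is not a CSPRNG. */
static uint32_t rng_state = 1;

static uint32_t rng_next(void) {
    uint32_t x = rng_state;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    rng_state = x;
    return x;
}

/* Insert n copies of `fill` at `pos`. The buffer libFuzzer passes has room
 * for max_size bytes, so growing is legal only while size + n <= max_size.
 * Returns the new size (unchanged if the insertion does not fit). */
size_t mut_insert(uint8_t *data, size_t size, size_t max_size,
                  size_t pos, size_t n, uint8_t fill) {
    if (size > max_size || pos > size || n == 0 || n > max_size - size)
        return size;
    memmove(data + pos + n, data + pos, size - pos);   /* open a gap */
    memset(data + pos, fill, n);                        /* fill it */
    return size + n;
}

/* Delete up to n bytes starting at pos, never leaving an empty input
 * (an empty input is legal but rarely interesting). Returns the new size. */
size_t mut_delete(uint8_t *data, size_t size, size_t pos, size_t n) {
    if (n == 0 || pos >= size) return size;
    if (n > size - pos) n = size - pos;                 /* clamp to the tail */
    if (n >= size) return size;                         /* would delete everything */
    memmove(data + pos, data + pos + n, size - pos - n);
    return size - n;
}

/* libFuzzer calls this instead of its built-in mutators when the fuzz target
 * defines it. Contract: mutate in place, return the new size, never exceed
 * max_size, and produce the same result for the same seed. */
size_t LLVMFuzzerCustomMutator(uint8_t *data, size_t size, size_t max_size,
                               unsigned int seed) {
    rng_state = seed ? seed : 0x9E3779B9u;   /* xorshift must not start at 0 */
    if (max_size == 0) return 0;
    if (size == 0) {                          /* nothing to mutate: seed one byte */
        data[0] = (uint8_t)rng_next();
        return 1;
    }
    switch (rng_next() % 3) {
    case 0: {                                 /* insertion: 1..4 bytes, any offset */
        size_t pos = rng_next() % (size + 1);
        size_t n   = 1 + rng_next() % 4;
        return mut_insert(data, size, max_size, pos, n, (uint8_t)rng_next());
    }
    case 1: {                                 /* deletion: 1..4 bytes from an offset */
        size_t pos = rng_next() % size;
        size_t n   = 1 + rng_next() % 4;
        return mut_delete(data, size, pos, n);
    }
    default: {                                /* single bit flip, size unchanged */
        data[rng_next() % size] ^= (uint8_t)(1u << (rng_next() % 8));
        return size;
    }
    }
}
```

The point the question is circling is the `max_size` bound: libFuzzer allocates `max_size` bytes behind `data`, so insertion is fine as long as the returned size stays at or below it; a mutator that writes past `max_size` corrupts the fuzzer's own heap and the resulting crash looks like a target bug. Deletion only needs a `memmove` and a smaller return value.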
2 votes, 1 answer

What is the difference between -fsanitize-coverage=trace-pc and trace-pc-guard?

Recently I have been studying the Clang sanitizer. I find the flag -fsanitize-coverage can be trace-pc or trace-pc-guard. According to the official documentation (Tracing PCs with guards, Tracing PCs), both can insert stub…
SeekaMoon
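A minimal runtime that implements both callback flavours side by side, as an added example that is not the asker's code nor part of LLVM. The three callback names and their signatures are the ones Clang's SanitizerCoverage documentation specifies; the counter tables, the `cov_*` accessors and `cov_probe` are this example's own. Note that without `-fsanitize-coverage` nothing calls these functions automatically, so the usage below drives them by hand with a constructed guard array.

```c
#include <stddef.h>
#include <stdint.h>

/* Build this file WITHOUT -fsanitize-coverage and link it into a target built
 * with -fsanitize-coverage=trace-pc-guard (or trace-pc). Clang then calls the
 * functions below on every edge; if this file were itself instrumented the
 * callbacks would recurse into themselves. */

#define MAX_GUARDS 4096
#define MAX_PCS    4096

static uint32_t  edge_hits[MAX_GUARDS + 1];   /* indexed by guard id, 1-based */
static uint32_t  guard_count;
static uintptr_t seen_pcs[MAX_PCS];
static size_t    seen_pc_count;

/* trace-pc-guard: called once per instrumented module at startup with the
 * [start, stop) range of that module's guard words. They arrive zeroed; the
 * runtime numbers them so each edge gets a stable id. A guard left at 0 is
 * disabled and its callback is never invoked. */
void __sanitizer_cov_trace_pc_guard_init(uint32_t *start, uint32_t *stop) {
    if (start == stop || *start) return;      /* empty, or already initialised */
    for (uint32_t *g = start; g < stop && guard_count < MAX_GUARDS; g++)
        *g = ++guard_count;
}

/* trace-pc-guard: called on every edge with a pointer to that edge's guard,
 * so the runtime knows *which* edge fired without any address lookup. Count
 * hits here; writing *guard = 0 instead would make each edge report only its
 * first execution, which is cheaper when counts are not needed. */
void __sanitizer_cov_trace_pc_guard(uint32_t *guard) {
    if (!*guard) return;                      /* edge was disabled */
    edge_hits[*guard]++;
}

/* trace-pc: no per-edge state at all. The only information is the return
 * address, so the runtime has to dedupe PCs itself and map them back to code
 * later (e.g. with the binary's symbols). */
void __sanitizer_cov_trace_pc(void) {
    uintptr_t pc = (uintptr_t)__builtin_return_address(0);
    for (size_t i = 0; i < seen_pc_count; i++)
        if (seen_pcs[i] == pc) return;        /* already recorded */
    if (seen_pc_count < MAX_PCS) seen_pcs[seen_pc_count++] = pc;
}

/* Stand-in for one instrumented call site: every call reports the same PC.
 * noinline and the trailing store keep the call site fixed. */
static volatile unsigned probe_calls;
__attribute__((noinline)) void cov_probe(void) {
    __sanitizer_cov_trace_pc();
    probe_calls++;
}

/* Accessors so the collected coverage can be dumped or asserted on. */
uint32_t cov_guard_count(void)      { return guard_count; }
uint32_t cov_edge_hits(uint32_t id) { return id <= MAX_GUARDS ? edge_hits[id] : 0; }
size_t   cov_unique_pc_count(void)  { return seen_pc_count; }
```

The difference the question asks about is visible in the signatures: `trace-pc-guard` hands the runtime a per-edge word it can read, count, or zero to switch the edge off, while `trace-pc` gives only the return address and leaves identification and deduplication to the runtime. That is why libFuzzer and most modern harnesses prefer the guard variant (or the inline-8bit-counters mode built on the same idea).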
2 votes, 0 answers

Combine fuzzing with tracing of execution path

I want to trace execution paths for a program for multiple inputs. To generate inputs I currently use coverage-guided fuzzing - I first tried AFL and now use Libfuzzer. To record execution paths I looked at XRay and SanitizerCoverage which both…
Jonas Möller
2 votes, 1 answer

pytest - best design for fuzzing with limited parameters

I was wondering about fuzzing in pytest and what is the best way to do that. In the past I used the hypothesis library to fuzz values, but it works best only when running each test many times. Because my system is slow I want to be able to split the…
UdiM
2 votes, 1 answer

Is it possible to tell libfuzzer ignore certain code?

I use libfuzzer and it's been a great experience so far. My code under fuzz is full of branches like this: bool fuzzingThisFunc() { if(!checkSomething()) { fmt::printf("error log"); return false; } ... return true; } Where…
warchantua
2 votes, 1 answer

How to make afl-fuzz not skip test cases when a timeout is reached

I am currently trying to fuzz a PDF viewer with the AFL fuzzer (American Fuzzy Lop). My problem is quite simple: afl-fuzz expects the application to take an input and close after processing it. But the PDF viewer is intended to open the document and…
perror