ouspg/libfuzzerfication

libfuzzerfication

The LibFuzzerfication project uses libFuzzer to fuzz popular applications and libraries.

Fuzzing in action

About

The purpose of fuzzing is to automatically generate large amounts of test input, make the code crash, and increase code coverage. libFuzzer is a library for in-process, coverage-guided evolutionary fuzzing of other libraries. It is similar to American Fuzzy Lop (AFL), but it performs the fuzzing inside a single process and is much faster.

Motivation

There have been many vulnerabilities in popular libraries that should (in theory) have been easy to test for. We want to offer an easy way to fuzz-test these libraries and to raise awareness of the situation. We also want this to be available to everyone.

About libfuzzer

  • LibFuzzer is an open-source library (part of LLVM)
  • Relies on compiler instrumentation to get coverage feedback
  • It is linked with the library under test
  • Works fully inside the running program (a single process) -> Fast!
  • LibFuzzer itself can be built with any compiler and does not need specific flags.
  • Target code must be built with Clang using ASan, UBSan or MSan and -fsanitize-coverage=edge[,8bit-counters,trace-cmp,indirect-calls]

Optional coverage features are shown inside [].
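To make the last two bullets concrete, here is a minimal libFuzzer target written in C. It is an added example, not code from the libfuzzerfication project: the record parser (`parse_record`, a constructed two-byte-header format) stands in for the "library under test", and `LLVMFuzzerTestOneInput` is the entry point libFuzzer calls with each mutated input. The build line in the comment assumes a Clang that ships libFuzzer (`-fsanitize=fuzzer` links it in and enables the sanitizer-coverage instrumentation listed above; on older toolchains you pass the `-fsanitize-coverage=...` flags and link libFuzzer.a by hand, as the bullets describe).

```c
/* Added example (not part of the libfuzzerfication repository): a libFuzzer
 * target for a small, constructed length-prefixed record format.
 *
 * Assumed build with a libFuzzer-enabled Clang, flags per the README bullets:
 *   clang -g -O1 -fsanitize=fuzzer,address \
 *         -fsanitize-coverage=edge,8bit-counters,trace-cmp,indirect-calls \
 *         fuzz_target.c -o fuzz_target
 *   ./fuzz_target corpus/          # corpus/ is the directory libFuzzer fills
 *
 * Plain build without libFuzzer, for a quick sanity run of the parser:
 *   cc -DFUZZ_STANDALONE fuzz_target.c -o smoke && ./smoke
 */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed record layout: 1 byte type, 1 byte payload length, payload. */
typedef struct {
    uint8_t type;
    uint8_t len;
    uint8_t payload[255];
} record_t;

/* Returns 0 on success, -1 on malformed input. The declared-length check is
 * exactly the bound a fuzzer plus ASan finds missing: without it, memcpy
 * reads past the end of `data` on a truncated input. */
int parse_record(const uint8_t *data, size_t size, record_t *out) {
    if (data == NULL || out == NULL || size < 2) {
        return -1;
    }
    out->type = data[0];
    out->len = data[1];
    if ((size_t)out->len + 2 > size) {
        return -1;   /* declared payload length exceeds the buffer */
    }
    memcpy(out->payload, data + 2, out->len);
    return 0;
}

/* libFuzzer entry point. libFuzzer links its own main() and calls this
 * function once per generated input. It must return 0; crashes are reported
 * by the sanitizers, not through the return value. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    record_t rec;
    if (parse_record(data, size, &rec) == 0) {
        /* Consume the parsed bytes so the compiler cannot drop the work. */
        volatile uint8_t sink = 0;
        for (size_t i = 0; i < rec.len; i++) {
            sink ^= rec.payload[i];
        }
        (void)sink;
    }
    return 0;
}

/* Feeds one well-formed and one truncated record through the target and
 * returns the number of checks that behaved as expected (3 when all pass). */
int smoke_test(void) {
    const uint8_t good[] = {0x01, 0x03, 'a', 'b', 'c'};
    const uint8_t bad[]  = {0x01, 0x10, 'a'};   /* claims 16 bytes, has 1 */
    record_t rec;
    int passed = 0;

    if (parse_record(good, sizeof good, &rec) == 0 && rec.len == 3) passed++;
    if (parse_record(bad, sizeof bad, &rec) == -1) passed++;
    if (LLVMFuzzerTestOneInput(bad, sizeof bad) == 0) passed++;
    return passed;
}

#ifdef FUZZ_STANDALONE
#include <stdio.h>
int main(void) {
    printf("smoke checks passed: %d/3\n", smoke_test());
    return smoke_test() == 3 ? 0 : 1;
}
#endif
```

The shape matters more than the parser: one entry point, no global state carried between calls, every input path bounded, and the build done with the sanitizer so that out-of-bounds reads surface as crashes rather than silent corruption. Seed the corpus directory with a few valid records and libFuzzer will mutate from there.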

How does this project work?

  • You pull a container from Docker Hub
  • Start writing your own libFuzzer stub
  • Share your Dockerfile with other users
  • Use libFuzzer to collect a corpus so that other people can continue where you left off

You can also start writing stubs without Docker.

Getting started

Material

Tracking

Target tracking sheet

Found issues

Contributors

Visit #ouspg @ IRCnet if you're interested!

This is part of OUSPG-open