Fuzzing is currently a thriving research area in the cybersecurity field. This work begins by introducing code that brings partial replayability capabilities to AFL++, in an attempt to address the highly random nature of fuzzing that results from the large number of random mutations applied to input seeds. The code addresses two of the three sources of nondeterminism described in this work. Furthermore, this work introduces Fuzzing Debugger (FDB), a highly configurable framework that facilitates the debugging of fuzzing by interfacing with GDB. Three debugging modes are described, which attempt to tackle two use cases of FDB: (1) pinpointing nondeterminism in fuzz runs, thereby paving the way for replayable fuzz runs, and (2) systematically finding preferable stopping points for seed analysis.
Details
- FDB: A Framework for Flexible and Efficient Fuzzer Debugging
- Liu, Denis (Author)
- Bao, Tiffany (Thesis director)
- Shoshitaishvili, Yan (Committee member)
- Barrett, The Honors College (Contributor)
- School of Mathematical and Statistical Sciences (Contributor)
- Computer Science and Engineering Program (Contributor)