American Fuzzy Lop
American Fuzzy Lop (AFL) is a security-oriented fuzz testing tool.
In this talk, I demonstrate how dead-simple AFL is to use. I show how I used it to fuzz a Python library, discovering a subtle bug in the process.
Black Box Fuzzing
2016-10-24
American Fuzzy Lop
• American Fuzzy Lop (AFL) is a fuzzing tool
• Also, a breed of rabbit
• Written by Michał Zalewski (`lcamtuf`)
• Used as part of a bunch of DEFCON presentations (including CGC)
• Big in the computer security field
• Finds crashes in programs
• Works on (instrumented) binaries
• Has no understanding of the problem domain
• Has found A LOT of tricky, impressive bugs:
  • http://lcamtuf.coredump.cx/afl/
  • Firefox, OpenSSL, clang, glibc, perl, screen, Redis…
Aside: Fuzz Testing
• Fuzz testing is feeding a program large volumes of automatically generated, mostly malformed inputs and watching for crashes, hangs or other misbehaviour
• Meant to catch the edge cases that you didn’t anticipate / test for
Usage
1. Create a binary that reads its input from stdin (or a file) and dies with a signal, e.g. via abort(), on any unexpected error. AFL records a crash only when the target is killed by a signal such as SIGSEGV or SIGABRT; a plain non-zero exit status is not counted
2. Give AFL the (instrumented) binary and a few small, valid sample inputs
3. Profit! (triage the inputs saved under the output directory’s crashes/ and hangs/)
Example
• We want to check for crashes in the encode/decode functions of pyhocon
• HOCON (Human-Optimized Config Object Notation)
  • https://github.com/typesafehub/config/blob/master/HOCON.md
• pyhocon is a Python library for HOCON SerDes
  • https://github.com/chimpler/pyhocon
Example
• We want to check for crashes in the encode/decode functions of pyhocon
1. Write a simple wrapper program that reads stdin and hands it to the parser
2. Since we’re in Python, we also use the python-afl library (py-afl-fuzz wraps afl-fuzz, and its afl module adds coverage instrumentation to the Python code)
3. Catch the exceptions the parser is expected to raise on bad input, so that only unexpected exceptions surface as crashes
4. Run!
5. Wait…
The code
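The original “The code” slide is a screenshot that did not survive extraction, so the following harness is an added example in the shape the preceding slides describe; it is not the talk’s own wrapper. It assumes python-afl is installed and the harness is launched as `py-afl-fuzz -i seeds/ -o findings/ -- python3 afl_harness.py`, and it assumes pyhocon’s expected parse failures are `pyhocon.exceptions.ConfigException` and pyparsing’s `ParseBaseException` (an assumed exception set). When pyhocon is not importable it falls back to `json.loads`, so the same structure runs anywhere (HOCON is a superset of JSON, so JSON seeds stay valid for both).

```python
#!/usr/bin/env python3
"""AFL harness for a Python parser (added example, not the talk's own code).

Assumptions (not on the original slides):
  * python-afl is installed and the harness is launched as
        py-afl-fuzz -i seeds/ -o findings/ -- python3 afl_harness.py
  * the target is pyhocon's ConfigFactory.parse_string; when pyhocon is not
    importable the harness falls back to json.loads so the same structure can
    be exercised anywhere (HOCON is a superset of JSON, so seeds stay valid).
"""
import json
import os
import sys

try:
    import afl          # python-afl: afl.init() marks the fork point
except ImportError:
    afl = None          # run uninstrumented (single execution, no fuzzing)

try:
    import pyparsing
    from pyhocon import ConfigFactory
    from pyhocon.exceptions import ConfigException

    def parse(text):
        return ConfigFactory.parse_string(text)

    # Exceptions the parser is *supposed* to raise on malformed input.  Anything
    # else escaping parse() is treated as a bug (assumed exception set).
    EXPECTED = (ConfigException, pyparsing.ParseBaseException)
except ImportError:
    def parse(text):
        return json.loads(text)

    EXPECTED = (json.JSONDecodeError,)


def run_one(data):
    """Feed one input to the parser.

    Returns "ok" or "rejected"; lets any unexpected exception propagate so the
    caller can turn it into a crash that AFL records.
    """
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return "rejected"           # garbage bytes are invalid input, not a bug
    try:
        parse(text)
    except EXPECTED:
        return "rejected"
    # RecursionError from pathological nesting, TypeError from a wrong internal
    # argument (the class of bug the talk found), etc. propagate from here.
    return "ok"


def triage(data):
    """Offline classification used when replaying findings/crashes/id:* files."""
    try:
        return run_one(data)
    except Exception as exc:        # we want *everything* here
        return "bug: %s: %s" % (type(exc).__name__, exc)


def main():
    if afl is not None:
        afl.init()                  # everything above ran once; fork from here
    data = sys.stdin.buffer.read()  # read the input *after* the fork point
    try:
        run_one(data)
    except Exception:
        # AFL counts a crash only when the child dies from a signal, so abort
        # (SIGABRT) instead of sys.exit(1).  python-afl also converts uncaught
        # exceptions into a signal; aborting explicitly keeps the harness
        # honest even when run without it.
        os.abort()


if __name__ == "__main__":
    main()
```

Replaying a saved finding is just `python3 afl_harness.py < findings/crashes/id:000000*`, or calling `triage()` on the file’s bytes to get the exception type without dying. Replacing `afl.init()` with a `while afl.loop(1000):` loop (python-afl’s persistent mode) reuses the interpreter across inputs and is much faster, but only if the parser keeps no state between calls.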
It’s running!
Checks
• Bit + byte flips (1, 2 and 4 bits / bytes wide, walked across the whole input)
• Arithmetic offsets (±1 … ±35 applied to 8-, 16- and 32-bit values)
• Troublesome values (0, 1, INT_MAX, etc; AFL’s “interesting” tables)
• Random overwrites + appends
• Inserts/Deletes/Splices of inputs at random offsets
• The first three are deterministic passes over every offset; the last two are the random “havoc” and “splice” stages that run after them
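To make the deterministic stages above concrete, here is a toy re-implementation of AFL’s bit-flip, byte-flip, 8-bit arithmetic and “interesting value” passes, added for this page; it is not AFL’s code (the authoritative description is docs/technical_details.txt linked in the conclusions). It uses AFL’s real constants (ARITH_MAX = 35 and the INTERESTING_8 table) and its ordering (most significant bit first, +k before −k), but unlike afl-fuzz it does not skip a candidate that an earlier stage could already have produced. The seed string is constructed for the example.

```python
"""Toy model of AFL's deterministic mutation stages (added example, not AFL's
own code).  Each generator yields one candidate per mutation, in the order
afl-fuzz uses: bit flips walk from the most significant bit of byte 0,
arithmetic tries +k then -k for k in 1..ARITH_MAX, and "interesting" substitution
uses AFL's INTERESTING_8 table.  The real fuzzer also skips candidates an earlier
stage already produced; this model only de-duplicates in the final generator.
"""

ARITH_MAX = 35                                           # AFL's ARITH_MAX
INTERESTING_8 = [-128, -1, 0, 1, 16, 32, 64, 100, 127]   # AFL's INTERESTING_8


def flip_bits(data, width):
    """Flip `width` consecutive bits (AFL uses 1, 2 and 4) at every bit offset."""
    nbits = len(data) * 8
    for start in range(nbits - width + 1):
        out = bytearray(data)
        for bit in range(start, start + width):
            out[bit >> 3] ^= 128 >> (bit & 7)            # MSB first, like afl-fuzz
        yield bytes(out)


def flip_bytes(data, width):
    """XOR `width` consecutive bytes (1, 2 or 4) with 0xff at every byte offset."""
    for start in range(len(data) - width + 1):
        out = bytearray(data)
        for i in range(start, start + width):
            out[i] ^= 0xFF
        yield bytes(out)


def arith8(data):
    """Add and subtract 1..ARITH_MAX to each byte (the 8-bit arithmetic stage)."""
    for i, b in enumerate(data):
        for k in range(1, ARITH_MAX + 1):
            for v in ((b + k) & 0xFF, (b - k) & 0xFF):   # +k first, then -k
                out = bytearray(data)
                out[i] = v
                yield bytes(out)


def interesting8(data):
    """Overwrite each byte with the 8-bit "troublesome" values."""
    for i, b in enumerate(data):
        for v in INTERESTING_8:
            v &= 0xFF
            if v == b:
                continue                                 # no-op; AFL skips these too
            out = bytearray(data)
            out[i] = v
            yield bytes(out)


def deterministic_candidates(data):
    """All first-pass candidates for one seed, in stage order, de-duplicated."""
    stages = (
        lambda d: flip_bits(d, 1), lambda d: flip_bits(d, 2), lambda d: flip_bits(d, 4),
        lambda d: flip_bytes(d, 1), lambda d: flip_bytes(d, 2), lambda d: flip_bytes(d, 4),
        arith8, interesting8,
    )
    seen = set()
    for stage in stages:
        for cand in stage(data):
            if cand != data and cand not in seen:
                seen.add(cand)
                yield cand


if __name__ == "__main__":
    seed = b"{a: 1}"                                      # constructed HOCON seed
    cands = list(deterministic_candidates(seed))
    print(len(cands), "deterministic candidates from a", len(seed), "byte seed")
    print(cands[:3])
```

Running it on the 6-byte seed shows why the deterministic passes dominate the first cycle on small inputs: a few hundred candidates are queued before any random havoc mutation is tried, and each one is executed against the target and kept only if it reaches new coverage.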
Bug found!
• https://github.com/chimpler/pyhocon/issues/103
• It happens when you try to append to a list that is nested in a dictionary
• Internally, a boolean was being passed in when it should have been a string
• While type checking would have also found this, a person manually testing likely would not (and did not) find it
Conclusions
• American Fuzzy Lop is a very good tool for black box fuzz testing of software (strictly it is coverage-guided: the instrumentation feeds edge coverage back into input selection, so the literature calls it “grey box”, but it needs no knowledge of the input format)
• Very easy to use (nothing to learn, no domain knowledge)
• Especially useful for code:
  • That is complex
  • That you didn’t write
  • That you don’t have the source code for (AFL’s QEMU mode, afl-fuzz -Q, instruments uninstrumented binaries at run time)
  • i.e. code you don’t understand
• Further reading:
  • https://github.com/mirrorer/afl/blob/master/docs/technical_details.txt
• “10/10; would crash again”