Hands-on fuzzing of open source project

Abstract

Fuzz testing, or fuzzing, is the automated testing of software by providing ran- dom inputs to the program under test. With advances in fuzzing research and ready-made fuzzers like AFL++, fuzzing has became a powerful tool in software testing. This final year project first explores the idea of improving fuzzing speed by parallelizing the input generation part of the fuzzer in the fuzzing library LibAFL. It includes an analysis of the fuzzing process from a performance per- spective and reasoning of why this parallelization idea ultimately cannot work. Then, the project pivots to applying ready-made fuzzing tool AFL++ to fuzz an open source software. The report details all parts of this fuzzing campaign: preparation of environment, development of custom fuzzing harness, monitoring and optimization of fuzzing process, crash triage, and disclosure. Several bugs were identified as a result of this fuzzing campaign. Above all else, this project is a learning process for me to dive into the topic of fuzzing.