Although still in its infancy, SnapFuzz is already showing promising results
An open-source fuzzing tool developed by researchers at Imperial College London’s Software Reliability Group aims to solve some of the tricky problems in network application testing.
SnapFuzz uses a series of techniques to speed up the testing of network protocols and overcome time constraints and other limitations that make it difficult to fuzz network applications.
Although SnapFuzz is still in its infancy, it is showing promising results and its developers hope that it will soon become a mainstay in the toolkit for testing network applications.
The challenges of fuzzing network applications
Fuzzing is a popular way to test and discover bugs in software. However, network applications can be difficult to fuzz properly, say Anastasios Andronidis and Cristian Cadar, authors of the SnapFuzz article.
“Most network applications are stateful,” the researchers said. “Stateful apps have side effects, that is, they perform operations that change the app’s environment, and those changes can interfere with the fuzzing process.”
For example, network applications require writing data to the file system or exchanging messages over the network with other applications.
“No one wants random emails sent to your colleagues because of a fuzzing campaign, so proper isolation is mandatory,” the authors said.
Moreover, according to the researchers, these side effects can interfere with the fuzzing process, which could incorrectly infer that a given message exchange is reaching a certain part of the code, when in fact it is the side effects of a previous fuzzing iteration that trigger the behavior.
“It’s important to efficiently reset the state between fuzzing iterations,” Andronidis and Cadar said.
State-of-the-art fuzzers for network applications, such as AFLNet, require specialized test harnesses that manually reset the state between iterations, add delays to synchronize the network application with the fuzzer, and specify the point in the code where the application has completed its initialization.
“These take time to write and can be quite flimsy. For example, we had to readjust some delays when switching to another machine,” the researchers said.
The researchers also noticed that app developers often add delays, such as gracefully shutting down a server. “These are fine in a production environment but are not compatible with the high performance throughput required by fuzzers,” Andronidis and Cadar said.
The SnapFuzz fuzzing framework for network applications
SnapFuzz builds on AFLNet and adds several features that address manual configuration and performance issues found in other fuzzing tools.
SnapFuzz automatically transforms all asynchronous network communication into much more efficient synchronous communication over UNIX domain sockets.
A copy-on-write file system in memory automatically resets the state of the file system without requiring user intervention. The researchers also developed a method to automatically infer the point where the application has completed initialization, which significantly speeds up fuzzing.
“To achieve all of this, SnapFuzz leverages binary rewrite. This technique effectively intercepts all system calls from the fuzzed application and gives full control to SnapFuzz to dictate how the application should interact with its environment, and in particular the fuzzer,” Andronidis and Cadar said.
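The misattributed-coverage problem the researchers describe, and the copy-on-write reset that cures it, in a toy Python simulation added here (not SnapFuzz's code; the file system, the FTP-like handler and its path labels are all constructed for illustration):

```python
class CowFS:
    """Toy stand-in (constructed, not SnapFuzz's code) for an in-memory
    copy-on-write file system: an immutable snapshot plus a discardable overlay."""
    def __init__(self, base):
        self.base = dict(base)   # snapshot taken once, never mutated
        self.overlay, self.deleted = {}, set()

    def exists(self, name):
        return name not in self.deleted and (name in self.overlay or name in self.base)

    def write(self, name, data):
        self.deleted.discard(name)
        self.overlay[name] = data

    def delete(self, name):
        self.overlay.pop(name, None)
        self.deleted.add(name)

    def reset(self):
        """Drop the overlay: back to the snapshot with no cleanup script or timeout."""
        self.overlay, self.deleted = {}, set()


def handle(msg, fs):
    """Toy FTP-like command handler (constructed); returns the code-path label taken."""
    cmd, _, arg = msg.partition(" ")
    if cmd == "STOR":
        fs.write(arg, b"")
        return "stor"
    if cmd == "RETR":
        return "retr_hit" if fs.exists(arg) else "retr_miss"
    if cmd == "DELE":
        if fs.exists(arg):
            fs.delete(arg)
            return "dele_ok"
        return "dele_missing"
    return "unknown"


def run_campaign(cases, fs, reset_between):
    """Run each test case (one message sequence) and record the paths it is
    credited with. Without a reset, files left behind by an earlier case make a
    later case appear to reach paths its own messages never triggered."""
    credited = []
    for case in cases:
        if reset_between:
            fs.reset()
        credited.append((tuple(case), tuple(handle(m, fs) for m in case)))
    return credited
```

Running the three single-message cases `STOR`, `RETR`, `DELE` in order credits the second and third with `retr_hit` and `dele_ok` only when no reset happens between them; with a reset they are correctly credited with `retr_miss` and `dele_missing`.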
High speed fuzzing
Researchers used SnapFuzz to test five popular network applications: LightFTP, TinyDTLS, Dnsmasq, LIVE555, and Dcmqrscp. They were able to achieve impressive speed improvements of 60x, 40x, 30x, 25x, and 8x, respectively.
“In terms of usability, we were able to eliminate the need for custom cleanup scripts and manually specified timeouts, which can be difficult to get right,” Andronidis and Cadar said.
At the moment, SnapFuzz is a new project and a work in progress that has only been tested on well-established benchmarks.
“Our top priority is to expand our work to more benchmarks and the latest versions of popular networking projects such as Redis and Memcached, and to push industry adoption, starting with companies that are already fuzzing their network applications,” said Andronidis and Cadar.