October 25, 2021


Dedicated Forum to help removing adware, malware, spyware, ransomware, trojans, viruses and more!

StateAFL: Greybox Fuzzing for Stateful Network Servers. (arXiv:2110.06253v1 [cs.CR])

Fuzzing network servers is a technical challenge, since the behavior of the
target server depends on its state over a sequence of multiple messages.
Existing solutions are costly and difficult to use, as they rely on
manually-customized artifacts such as protocol models, protocol parsers, and
learning frameworks. The aim of this work is to develop a greybox fuzzer for
network servers that only relies on lightweight analysis of the target program,
with no manual customization, in a similar way to what the AFL fuzzer achieved
for stateless programs. The proposed fuzzer instruments the target server at
compile-time, to insert probes on memory allocations and network I/O
operations. At run-time, it infers the current protocol state of the target by
analyzing snapshots of long-lived memory areas, and incrementally builds a
protocol state machine for guiding fuzzing. The experimental results show that
the fuzzer can be applied with no manual customization on a large set of
network servers for popular protocols, and that it can achieve comparable, or
even better code coverage than customized fuzzing. Moreover, our qualitative
analysis shows that states inferred from memory better reflect the server
behavior than only using response codes from messages.