December 11, 2023

An open-source fuzzing tool called SnapFuzz was introduced by researchers to test network applications. SnapFuzz uses a series of techniques to speed up the testing of network protocols and to overcome the timing constraints and other limitations that make networking applications difficult to fuzz.

Fuzzing is a process for testing an application and identifying bugs in it. However, network applications can be tricky to fuzz properly because of their stateful nature: their internal state changes from one message exchange to the next. Many side effects can interfere with the fuzzing process, so that the fuzzer incorrectly infers that a given message exchange reaches a certain part of the code, when in fact it is the leftover state from a previous fuzzing iteration that triggers the behavior.

Pioneering fuzzers for network applications, such as AFLNet, require specialized test harnesses that manually reset the state between iterations, add time delays to synchronize the network application with the fuzzer, and specify the point in the code where the application has finished its initialization. Building such a harness is a lengthy and time-consuming process.

SnapFuzz builds on top of AFLNet and adds several features that address the manual configuration and performance issues found in other fuzzing tools. It automatically transforms all asynchronous network communication of the application under test into much more efficient synchronous communication over UNIX domain sockets, so the fuzzer no longer needs time delays to stay in step with the target.

An in-memory copy-on-write file system automatically resets the filesystem state between iterations without requiring user intervention. A method has also been developed to automatically infer the point at which the application has finished its initialization, which significantly speeds up fuzzing.

SnapFuzz relies on binary rewriting to efficiently intercept all system calls of the application under test. This gives SnapFuzz full control over how the application interacts with its environment, and in particular with the fuzzer.

SnapFuzz has been used to test five popular networking applications: LightFTP, TinyDTLS, Dnsmasq, LIVE555 and Dcmqrscp. The researchers report impressive speed improvements of 60x, 40x, 30x, 25x and 8x respectively. SnapFuzz is still a work in progress and has only been tested on well-established benchmarks; wider coverage will take some time.
