Summary: | Fuzz testing, or fuzzing, is the automated testing of software by providing ran-
dom inputs to the program under test. With advances in fuzzing research and
ready-made fuzzers like AFL++, fuzzing has became a powerful tool in software
testing. This final year project first explores the idea of improving fuzzing speed
by parallelizing the input generation part of the fuzzer in the fuzzing library
LibAFL. It includes an analysis of the fuzzing process from a performance per-
spective and reasoning of why this parallelization idea ultimately cannot work.
Then, the project pivots to applying ready-made fuzzing tool AFL++ to fuzz
an open source software. The report details all parts of this fuzzing campaign:
preparation of environment, development of custom fuzzing harness, monitoring
and optimization of fuzzing process, crash triage, and disclosure. Several bugs
were identified as a result of this fuzzing campaign. Above all else, this project
is a learning process for me to dive into the topic of fuzzing.
|