On 18.02.2016 at 17:01, Steffan Karger wrote:
> Hi d33tah,
>
> On Thu, Feb 18, 2016 at 2:28 PM, Jacek Wielemborek <d33...@gmail.com> wrote:
>> I had been fascinated by afl-fuzz for quite a couple of months so far and
>> based on how efficient it is in finding bugs in open source projects,
>> I'd like to ask the OpenVPN community whether somebody here tried out
>> this tool on this project.
>>
>> If not, you might be interested in my project that automates
>> recompilation of openvpn with afl-gcc:
>>
>> https://github.com/d33tah/aflize
>>
>> Just run "aflize openvpn" and you'll get a build environment ready in minutes.
>>
>> Let me know if you'd like any help fuzzing OpenVPN, I'd be happy to
>> assist you guys :)
>
> Thank you. This has been on my todo-list for ages now, but never got
> around to doing something with it.
>
> I'm not aware of any openvpn fuzzing with tools like afl. OpenVPN
> does have an internal, simple, fuzzer for network traffic, which
> randomly flips bits. Look for 'gremlin' in the source.
>
> -Steffan
I'd have to know more about this gremlin to be able to tell whether it could help in fuzzing OpenVPN with AFL. Definitely doing more than just randomly flipping bits would help - AFL would use a genetic algorithm that would watch for changes in code coverage based on input mutations. The thing is that in order to fuzz it most efficiently, it would be good to modify the server to use stdin/stdout (or dev null) for network I/O and terminate after handling a single connection. Also, we would need to disable any checksums, compression or encryption. How difficult would that be?
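As an added illustration of the harness shape described in the reply above (constructed example code, not OpenVPN's or aflize's): a stand-in daemon that reads one packet from stdin instead of a socket, handles it and exits, with its checksum check compiled out under the FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION macro (the OSS-Fuzz convention) so that AFL's mutated inputs are not all rejected before they reach the opcode handlers. The packet layout, opcodes and checksum are invented for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed layout: [len][opcode][payload...][checksum]; checksum = XOR of the preceding bytes. */
static uint8_t pkt_checksum(const uint8_t *p, size_t n)
{
    uint8_t c = 0;
    for (size_t i = 0; i < n; i++)
        c ^= p[i];
    return c;
}

/* Process one packet: 0 on success, negative on rejection. The checksum check is
 * compiled out in fuzzing builds so mutated inputs reach the opcode handlers. */
int handle_packet(const uint8_t *buf, size_t n)
{
    if (n < 3)                       /* len + opcode + checksum at minimum */
        return -1;
    if ((size_t)buf[0] + 3 != n)     /* length field must match what arrived */
        return -2;
#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
    if (pkt_checksum(buf, n - 1) != buf[n - 1])
        return -3;
#endif
    const uint8_t *payload = buf + 2;
    size_t plen = buf[0];
    switch (buf[1]) {
    case 0x01:                       /* "ping": must carry no payload */
        return plen == 0 ? 0 : -5;
    case 0x02:                       /* "echo": payload must be printable ASCII */
        for (size_t i = 0; i < plen; i++)
            if (payload[i] < 0x20 || payload[i] > 0x7e)
                return -6;
        return 0;
    default:
        return -4;
    }
}

/* Stand-in for the socket read: one packet from stdin, handle it, exit.
 * Compiled with afl-gcc, afl-fuzz feeds each test case on stdin. */
int main(void)
{
    uint8_t buf[64];
    size_t n = fread(buf, 1, sizeof buf, stdin);
    return handle_packet(buf, n) == 0 ? 0 : 1;
}
```

Build once normally to confirm the checksum path rejects corrupted input, then once with -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION for the fuzzing run; a fuzzing binary must never be shipped.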