AFL++’s mutation engine is optimized for compact data formats, such as images, multimedia, compressed data. However, the current AFL++ does not support grammar and therefore struggles with highly-structured inputs like PHP, JavaScript, or HTML . Although AFL++ allows users to define a dictionary, including language keywords, to help generate inputs, it still lacks more structured descriptions of the underlying syntax.

To tackle the existing limitations of AFL++, the main goal of this project is to develop a pluggable grammar mutator that is integrated with AFL++’s mutation engine and can efficiently generate grammar-aware inputs. On one hand, like Nautilus, we want to combine grammar mutators with AFL++’s mutation engine. Also, we want to avoid the potential limitation of Nautilus: “over time Nautilus de-generates to structure-unaware greybox fuzzing”, as indicated by AFLSmart paper. On the other hand, we want to generate test cases efficiently as F1 fuzzer. Furthermore, to improve usability, we will develop a program generator that takes the grammar model as input and generates a mutator library, which is based on AFL++’s custom mutator APIs.

Organization

Student

Shengtuo Hu

Mentors

  • Andrea Fioraldi
  • Marc Heuse
close

2020