Fuzzing of servers
MTRNord opened this issue · comments
Hi, I am wondering how to fuzz a server with this.
So, meaning instead of calling functions, I would love to fuzz HTTP endpoints. Is that possible with this crate, or is it possible to do this with the crate? The macro seems like it is very focused around libraries running inside of it and less about binaries.
Hi, @MTRNord.
The macro seems like it is very focused around libraries running inside of it and less about binaries.
You actually don't have to use afl.rs with the macro. `cargo afl` is essentially a wrapper around cargo that configures its environment to compile with AFL instrumentation. So you could, for example, use `cargo afl build` to build an executable that reads from standard input, and then use `cargo afl fuzz OPTIONS -- /target/debug/executable` to fuzz it.
Mind you, this approach will fork a new process for each test case, which is slower than what the macro would do. A colleague of mine recently ran an experiment, and IIRC the macro was about 20 times faster than forking.
Having said all that, there's no built-in mechanism for hooking network interfaces. So you would have to, say, modify the server to read from standard input instead of the network.
Does this help?
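To make the stdin approach described in the reply above concrete, here is an added example (not code from afl.rs or from the original thread). It is a small stand-alone binary that reads one raw HTTP request from standard input, parses it without panicking on malformed bytes, and hands the result to a hypothetical application handler; the `Request` type, `handle` function and routes are placeholders standing in for whatever the real server (rocket-based, in the reporter's case) exposes. The shim returns `None` on input it cannot parse so that any crash the fuzzer finds points at the handler rather than at the harness.

```rust
use std::io::{self, Read};

/// Minimal parsed request. Hypothetical type standing in for the
/// framework's own request object.
#[derive(Debug, PartialEq)]
pub struct Request {
    pub method: String,
    pub path: String,
    pub body: Vec<u8>,
}

/// Locate `needle` in `hay`, returning the offset of its first byte.
fn find(hay: &[u8], needle: &[u8]) -> Option<usize> {
    hay.windows(needle.len()).position(|w| w == needle)
}

/// Parse a raw HTTP/1.x request. Returns `None` instead of panicking on
/// malformed input, so the fuzzer only reports crashes in the handler.
pub fn parse_request(raw: &[u8]) -> Option<Request> {
    // Header block ends at the first blank line.
    let sep = find(raw, b"\r\n\r\n")?;
    let head = std::str::from_utf8(&raw[..sep]).ok()?;
    let mut lines = head.split("\r\n");
    let mut parts = lines.next()?.split(' ');
    let method = parts.next()?.to_string();
    let path = parts.next()?.to_string();
    let version = parts.next()?;
    if !version.starts_with("HTTP/1.") {
        return None;
    }
    Some(Request {
        method,
        path,
        body: raw[sep + 4..].to_vec(),
    })
}

/// Hypothetical application handler: the code actually under test.
/// Routes and responses here are constructed for the example.
pub fn handle(req: &Request) -> (u16, String) {
    match (req.method.as_str(), req.path.as_str()) {
        ("GET", "/health") => (200, "ok".into()),
        ("POST", "/echo") => (200, String::from_utf8_lossy(&req.body).into_owned()),
        _ => (404, "not found".into()),
    }
}

/// One fuzz iteration: raw bytes in, HTTP status out (None if unparsable).
pub fn fuzz_one(input: &[u8]) -> Option<u16> {
    let req = parse_request(input)?;
    Some(handle(&req).0)
}

/// Entry point used by AFL: the fuzzer feeds each test case on stdin.
fn main() {
    let mut input = Vec::new();
    io::stdin().read_to_end(&mut input).expect("read stdin");
    if let Some(status) = fuzz_one(&input) {
        println!("{}", status);
    }
}
```

Build it with `cargo afl build` and run `cargo afl fuzz -i seeds -o findings -- target/debug/<binary>`, where `seeds` holds a few valid requests (for example the `GET /health` request from the test below) and `<binary>` is the crate's binary name. The `-i`/`-o` flags are AFL's input and output directory options; everything else about the command follows the reply above.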
As I investigated further on the server side (here it is rocket-based), it may be possible to make that go via stdin. 🤔 Using the macro I hit all kinds of issues, as (sadly) Rust is very async-focused. I am aware that it isn't optimal for fuzzing, but sometimes it goes like this 😅 I will try out your suggestion :) thanks for the idea!
Seems like this is working pretty well now :) Thanks for the suggestion.
Glad to hear it!!!