sanfrak / FuzzLop

A GUI application for automated program vulnerability detection

This page describes the project idea and the instructions for running FuzzLop.

PROJECT DESCRIPTION

To make hybrid fuzzing easier and more user-friendly, we designed a GUI application - FuzzLop Hybrid Fuzzer.

fig0

The application can run a single fuzzer or several fuzzers at once (mono or hybrid fuzzing) and presents straightforward information about the running fuzzing tasks, so that a user who wants to perform hybrid fuzzing but is put off by the fuzzers' command-line options can still do so.

FuzzLop incorporates three mainstream fuzzers (AFL, libFuzzer, AFLFast) and runs fuzzing jobs according to the user's configuration.

FuzzLop also offers a more accessible way to check run-time statistics and crash statistics with a few clicks, instead of typing commands and gathering the information by hand.

The architecture of this software is shown in figure 1.1.

fig1.1

In summary, this software offers hybrid fuzzing with three mainstream fuzzers in an easy-to-use fashion. It also provides run-time and crash statistics checking, which makes it more convenient than driving the fuzzers from the command line.

INSTALLATION AND EXECUTION

1. Prerequisites:

To run FuzzLop, the following packages are needed:

- AFL (2.52b)
	http://lcamtuf.coredump.cx/afl/
- AFLFast
	https://github.com/mboehme/aflfast
- LibFuzzer
	libFuzzer ships as part of clang 6.x; no separate download is needed.
- Qt Creator
	https://www.qt.io/download

The program can run only after all four prerequisites are installed and properly configured.

This program was developed and tested on Ubuntu 16.04 x86-64.

*caution:

  • AFL must be configured properly: on its first run afl-fuzz may refuse to start with a core_pattern error message. This happens when /proc/sys/kernel/core_pattern begins with "|" (core dumps are piped to an external crash handler such as Ubuntu's apport), which delays crash delivery and makes real crashes look like hangs; set the pattern to a plain file name (for example, core) before starting the fuzzers.

  • libFuzzer comes bundled with clang (6.x here) and is only available on 64-bit systems.

  • Qt 5.x may or may not build cleanly on Ubuntu 18.04; it may require the Mesa development packages (for example, libgl1-mesa-dev).
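The core_pattern caution above, as an added example (this is not part of FuzzLop or of AFL): a preflight that repeats what afl-fuzz 2.52b checks before it agrees to run, so a front end can show the reason and the fix instead of a bare "AFL failed to start". It also covers AFL's second start-up check, the CPU scaling governor, which the list above does not mention but which stops afl-fuzz just as often on a desktop install. The file paths, error conditions and environment overrides (AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES, AFL_SKIP_CPUFREQ) are AFL 2.52b's own; the fix commands are the usual ones and are assumptions about how the machine is administered (sudo).

```python
"""Added example, not part of FuzzLop: a preflight that repeats the two checks
afl-fuzz 2.52b performs at start-up, so the GUI can report the reason and the
fix instead of a bare "AFL failed to start".  File paths are the ones
afl-fuzz itself reads."""
import os

CORE_PATTERN = "/proc/sys/kernel/core_pattern"
CPUFREQ = "/sys/devices/system/cpu/cpu0/cpufreq"


def core_pattern_accepted(pattern, env=os.environ):
    """afl-fuzz aborts with "Pipe at the beginning of 'core_pattern'" when the
    pattern starts with '|' (cores piped to a handler such as Ubuntu's apport,
    which delays delivery and makes crashes look like hangs), unless
    AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES is set."""
    if pattern.startswith("|"):
        return "AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES" in env
    return True


def governor_accepted(governor, min_freq, max_freq, env=os.environ):
    """afl-fuzz aborts with "Suboptimal CPU scaling governor" unless the
    governor name starts with "perf", the frequency is pinned (min == max),
    or AFL_SKIP_CPUFREQ is set."""
    if "AFL_SKIP_CPUFREQ" in env or governor.startswith("perf"):
        return True
    return min_freq == max_freq


def _read(path, default):
    """Read a procfs/sysfs value; a missing file means afl skips that check."""
    try:
        with open(path) as f:
            return f.read().strip() or default
    except OSError:
        return default


def preflight():
    """Return [(problem, fix), ...] for this machine; an empty list means
    afl-fuzz would pass both checks.  When apport is enabled it re-installs
    its core_pattern at boot, so the first fix must be repeated after a reboot."""
    problems = []
    pattern = _read(CORE_PATTERN, "core")
    if not core_pattern_accepted(pattern):
        problems.append((f"core_pattern is {pattern!r}",
                         "echo core | sudo tee /proc/sys/kernel/core_pattern"))
    governor = _read(f"{CPUFREQ}/scaling_governor", "performance")
    lo = int(_read(f"{CPUFREQ}/scaling_min_freq", "0"))
    hi = int(_read(f"{CPUFREQ}/scaling_max_freq", "0"))
    if not governor_accepted(governor, lo, hi):
        problems.append((f"CPU scaling governor is {governor!r}",
                         "echo performance | sudo tee /sys/devices/system/cpu/"
                         "cpu*/cpufreq/scaling_governor  (or export "
                         "AFL_SKIP_CPUFREQ=1 and accept slower fuzzing)"))
    return problems


if __name__ == "__main__":
    found = preflight()
    for problem, fix in found:
        print(f"{problem}\n  fix: {fix}")
    if not found:
        print("afl-fuzz start-up checks would pass")
```

Run it before pressing "run" in the GUI; on a stock Ubuntu desktop the first complaint is almost always apport's core_pattern. The pure functions take the values as arguments so the decision logic can be tested without touching /proc or /sys.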

2. Run the GUI

This software has two major functions:

  • Hybrid Fuzzing

    FuzzLop incorporates three mainstream fuzzers (AFL, libFuzzer, AFLFast) and runs fuzzing jobs according to the user's configuration.

  • Statistics Checking

    FuzzLop offers a more accessible way to check run-time statistics and crash statistics with a few clicks, instead of typing commands and gathering the information by hand.

EXECUTION PROCESS:

  • Set Configurations

    First, the user sets the fuzzing job's directories, specifies the executable, specifies the number of fuzzers to run in parallel, and selects the fuzzer engines (figure 2.1).

    fig2.1

    The fuzzer engines are then initialized accordingly: the input and output directories are created, the project is compiled with the selected fuzzer engines, and the executable is fuzzed. If the user chooses hybrid mode (more than one type of fuzzer running at the same time), FuzzLop also synchronizes seeds between the engines.

  • Start Fuzzing (figure 2.2):

    fig2.2

    Once the software has started the fuzzer engines, run-time statistics are generated and updated periodically. FuzzLop offers functions to check both run-time statistics and crash statistics.

  • Check Run-Time Statistics (figure 3.1):

    After starting the fuzzer engines, run-time statistics will be generated and updated periodically. FuzzLop will gather the statistics generated by each fuzzer engine and display them in the text area.

    fig3.1

    The plotting function draws the history of the current fuzzer's path coverage, hangs and crashes, as well as its execution speed (figure 3.2).

    fig3.2

  • Check Crash Statistics (figure 3.3):

    The user can press the "get crash list" button; all unique crashes found by each fuzzer are then displayed in the software's text area.

    The "check crash" button opens each crash file so that the input which caused the crash can be inspected.

    fig3.3
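The configure, start and check-statistics steps above, as an added example (this is not FuzzLop's own mod*.sh / pwd.txt handling, and it is not how the GUI is implemented): the "set configuration" inputs (directories, executable, number of parallel fuzzers, engines) are turned into one command line per engine, and the run-time statistics are read back from the fuzzer_stats file that every AFL-family instance keeps under its output directory. The binary names (afl-fuzz, aflfast/afl-fuzz, fuzzgoat_lf), the libfuzzer_corpus directory, the ./target/fuzzgoat paths and the @@ file-argument convention are assumptions; the afl-fuzz options, the fuzzer_stats keys and the sample file are in the AFL 2.52b layout, and the sample values are constructed, not captured from a run.

```python
"""Added example, not FuzzLop's own mod*.sh / pwd.txt handling: turn the GUI's
"set configuration" inputs into one command line per fuzzer engine, and read
back the run-time statistics every AFL-family instance keeps in
<out>/<instance>/fuzzer_stats.  Binary names, the fuzzgoat paths and the @@
file-argument convention are assumptions."""
import os
from dataclasses import dataclass


@dataclass
class JobConfig:
    target: str            # built with afl-gcc; shared by AFL and AFLFast
    libfuzzer_target: str  # same code built with clang -fsanitize=fuzzer
    in_dir: str            # seed directory; must hold at least one file
    out_dir: str           # sync directory shared by every instance
    parallel: int = 2      # AFL-family instances to run at once
    engines: tuple = ("afl", "aflfast", "libfuzzer")
    afl_fuzz: str = "afl-fuzz"              # AFL 2.52b
    aflfast_fuzz: str = "aflfast/afl-fuzz"  # AFLFast's build of afl-fuzz


def plan_commands(cfg):
    """Return {instance_name: argv}.  AFL-family instances share cfg.out_dir so
    afl-fuzz's own -M/-S sync moves test cases between AFL and AFLFast: one
    master (-M, runs the deterministic stages), the rest slaves (-S); AFLFast's
    schedule is selected explicitly with -p fast.  libFuzzer reads every
    directory given, writes new units to the first, crashes to -artifact_prefix."""
    cmds = {}
    afl_like = [e for e in cfg.engines if e in ("afl", "aflfast")]
    for n in range(cfg.parallel if afl_like else 0):
        engine = afl_like[n % len(afl_like)]          # alternate the engines
        name = f"{engine}{n:02d}"
        binary = cfg.afl_fuzz if engine == "afl" else cfg.aflfast_fuzz
        argv = [binary, "-i", cfg.in_dir, "-o", cfg.out_dir,
                "-M" if n == 0 else "-S", name]
        if engine == "aflfast":
            argv += ["-p", "fast"]
        cmds[name] = argv + ["--", cfg.target, "@@"]
    if "libfuzzer" in cfg.engines:
        cmds["libfuzzer"] = [cfg.libfuzzer_target,
                             f"-artifact_prefix={cfg.out_dir}/",
                             os.path.join(cfg.out_dir, "libfuzzer_corpus"),
                             cfg.in_dir]
    return cmds


STAT_KEYS = ("execs_per_sec", "paths_total", "unique_crashes", "unique_hangs")
# Constructed fuzzer_stats in afl 2.52b's "key : value" layout, not a capture.
SAMPLE_FUZZER_STATS = """\
start_time        : 1528000000
execs_per_sec     : 1166.67
paths_total       : 312
stability         : 100.00%
unique_crashes    : 4
unique_hangs      : 1
command_line      : afl-fuzz -i in -o out -M afl00 -- ./fuzzgoat @@
"""


def parse_fuzzer_stats(text):
    """Parse fuzzer_stats text into the numeric STAT_KEYS row."""
    raw = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")   # split on the first ':' only
        if sep:
            raw[key.strip()] = value.strip()
    return {k: float(raw.get(k, 0)) for k in STAT_KEYS}


def gather_stats(out_dir):
    """One row per AFL-family instance under out_dir.  libFuzzer writes no
    fuzzer_stats (its progress goes to stderr), so it never appears here."""
    rows = {}
    for name in sorted(os.listdir(out_dir)):
        path = os.path.join(out_dir, name, "fuzzer_stats")
        if os.path.isfile(path):
            with open(path) as f:
                rows[name] = parse_fuzzer_stats(f.read())
    return rows


def totals(rows):
    """Job-wide view.  Speed and crash/hang counts add up; paths do not (synced
    instances converge, so the max is shown).  unique_crashes is unique per
    instance only, so de-duplicate the crash files before trusting that sum."""
    return {
        "execs_per_sec": sum(r["execs_per_sec"] for r in rows.values()),
        "paths_total": max((r["paths_total"] for r in rows.values()), default=0),
        "unique_crashes": sum(r["unique_crashes"] for r in rows.values()),
        "unique_hangs": sum(r["unique_hangs"] for r in rows.values()),
    }


if __name__ == "__main__":
    cfg = JobConfig("./target/fuzzgoat/fuzzgoat", "./target/fuzzgoat/fuzzgoat_lf",
                    "./target/fuzzgoat/in", "./target/fuzzgoat/out", parallel=3)
    for name, argv in plan_commands(cfg).items():
        print(name, " ".join(argv))
    row = parse_fuzzer_stats(SAMPLE_FUZZER_STATS)
    print(totals({"afl00": row, "aflfast01": row}))
```

Two points worth carrying into any real launcher: only one instance may be the master, and all AFL-family instances must be given the same -o directory or they will never see each other's test cases; and the per-instance unique_crashes figure that afl-fuzz reports is only unique within that instance, so a job-wide count has to come from the crash files themselves.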

SOURCE FILE STRUCTURE

The project has two folders, ./fuzzlop and ./target.

1. ./fuzzlop:

  • ./fuzzlop/4-1QDialogDemo

    This directory contains the source code of the FuzzLop GUI; the project can be opened with Qt Creator (Qt 5.x).

  • ./fuzzlop/build:

    This directory is the default build path for the FuzzLop project. The files in it are generated by Qt Creator using qmake.

    • ./fuzzlop/build/scripts:

      This directory contains the scripts that call the fuzzer engines and the generated text files that store the user configuration.

    • pwd.txt

      This file stores the user configuration defined in the "set configuration" part of the GUI.

    • mod*.sh

      mod1.sh to mod4.sh are four bash scripts that build the target application and run the fuzzers. They are called when the user clicks the "run" button in the GUI.

    • stop.sh

      This bash script terminates all running fuzzers. It is called when the user clicks the "stop" button in the GUI.

2. ./target:

  • ./target/fuzzgoat:

    This directory contains the example target for fuzzing; fuzzgoat is described in the project's final report.

    • ./target/fuzzgoat/in

      This is the example input folder for fuzzing. It holds the seed files and must not be empty: afl-fuzz refuses to start without at least one usable seed.

    • ./target/fuzzgoat/out

      This is the example output folder for fuzzing. It holds a subdirectory for every fuzzer instance with that instance's state and findings. It is created at run time.

    • ./target/fuzzgoat/crashes

      This is the example folder that stores the crash information: all unique crashes found by each fuzzer. It is created when the user clicks "get crash list" in the GUI.

  • ./target/seed:

    This directory is generated at run time. When libFuzzer is called, it generates seeds for hybrid fuzzing; all interesting seeds are extracted and stored here.

  • ./target/get_seed.sh & gen_seed_new.py

    These two scripts pass the configuration to libFuzzer, generate seeds and extract them.
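The seed extraction and crash folder described above, as an added example (this is not get_seed.sh, gen_seed_new.py or the GUI's "get crash list" code): the two file-moving jobs a hybrid run needs, written against the directory layout this README describes. The first hands libFuzzer's corpus to the AFL-family instances through afl-fuzz's own sync mechanism: afl-fuzz polls every other directory under its -o directory for a queue/ subfolder holding files named id:NNNNNN..., skips empty files and files over 1 MiB, and never re-reads an id at or below the last one it accepted, so a fake instance directory with monotonically growing ids is enough. The second gathers every engine's crashes into one folder, keeping one copy per distinct input, because each afl instance numbers its own crashes from id:000000. The libFuzzer corpus and artifact locations (out/libfuzzer_corpus, and crash-*/timeout-*/oom-*/leak-* files directly under out/, i.e. libFuzzer started with -artifact_prefix=out/) are assumptions, and the sample tree built by demo() is constructed, not real fuzzer output.

```python
"""Added example, not FuzzLop's own get_seed.sh / gen_seed_new.py: the two
file-moving jobs a hybrid run needs, written against the directory layout this
README describes.  The libFuzzer corpus and artifact locations
(<out>/libfuzzer_corpus, <out>/crash-* via -artifact_prefix=<out>/) are
assumptions.  Content hashes are fingerprints for de-duplication only."""
import hashlib
import os
import shutil
import tempfile

AFL_MAX_FILE = 1 << 20        # afl-fuzz ignores synced files above 1 MiB
FAKE_INSTANCE = "libfuzzer"   # afl "instance" directory that carries the seeds
LIBFUZZER_ARTIFACTS = ("crash-", "timeout-", "oom-", "leak-")


def _sha1(path):
    with open(path, "rb") as f:
        return hashlib.sha1(f.read()).hexdigest()


def _queue_ids(queue_dir):
    """afl parses exactly six digits after 'id:'; the rest of the name is free."""
    return [int(n[3:9]) for n in os.listdir(queue_dir)
            if n.startswith("id:") and n[3:9].isdigit()]


def import_libfuzzer_seeds(corpus_dir, out_dir):
    """Copy not-yet-imported libFuzzer corpus files into <out>/libfuzzer/queue/
    with growing ids, so AFL and AFLFast instances pull them in through their
    normal -M/-S sync.  Returns how many seeds were new on this call."""
    queue = os.path.join(out_dir, FAKE_INSTANCE, "queue")
    os.makedirs(queue, exist_ok=True)
    seen = {_sha1(os.path.join(queue, n)) for n in os.listdir(queue)}
    next_id = max(_queue_ids(queue), default=-1) + 1   # ids must only grow
    imported = 0
    for name in sorted(os.listdir(corpus_dir)):
        src = os.path.join(corpus_dir, name)
        if not os.path.isfile(src):
            continue
        if not 0 < os.path.getsize(src) <= AFL_MAX_FILE:
            continue                        # afl-fuzz would refuse it anyway
        digest = _sha1(src)
        if digest in seen:
            continue                        # already imported on an earlier poll
        shutil.copyfile(src, os.path.join(
            queue, f"id:{next_id:06d},src:libfuzzer,{digest[:12]}"))
        seen.add(digest)
        next_id += 1
        imported += 1
    return imported


def collect_crashes(out_dir, dest_dir):
    """Gather every AFL-family <out>/<instance>/crashes/id:* plus every
    libFuzzer artifact under <out>/, keep one copy per distinct content in
    dest_dir, and return the sorted destination names."""
    os.makedirs(dest_dir, exist_ok=True)
    candidates = []
    for inst in sorted(os.listdir(out_dir)):
        cdir = os.path.join(out_dir, inst, "crashes")
        if os.path.isdir(cdir):
            candidates += [(os.path.join(cdir, n), f"{inst}-{n}")
                           for n in sorted(os.listdir(cdir))
                           if n.startswith("id:")]      # not afl's README.txt
    candidates += [(os.path.join(out_dir, n), f"libfuzzer-{n}")
                   for n in sorted(os.listdir(out_dir))
                   if n.startswith(LIBFUZZER_ARTIFACTS)
                   and os.path.isfile(os.path.join(out_dir, n))]
    kept, digests = [], set()
    for src, dest_name in candidates:
        digest = _sha1(src)
        if digest not in digests:           # same input found twice: keep one
            digests.add(digest)
            shutil.copyfile(src, os.path.join(dest_dir, dest_name))
            kept.append(dest_name)
    return sorted(kept)


def demo():
    """Constructed sample tree; returns (first_import, second_import, crashes)."""
    root = tempfile.mkdtemp(prefix="fuzzlop-")
    out = os.path.join(root, "out")
    corpus = os.path.join(out, "libfuzzer_corpus")
    files = {
        f"{corpus}/1a2b": b'{"a":1}',
        f"{corpus}/3c4d": b"",                                  # empty: skipped
        f"{corpus}/5e6f": b"[1,2,3]",
        f"{out}/afl00/crashes/id:000000,sig:11,src:000004,op:havoc,rep:2": b"\xff" * 16,
        f"{out}/afl00/crashes/README.txt": b"not a test case",
        f"{out}/aflfast01/crashes/id:000000,sig:11,src:000009,op:flip1,pos:3": b"\xff" * 16,
        f"{out}/crash-0123456789abcdef": b"\x00" * 4,
    }
    for path, data in files.items():
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
    first = import_libfuzzer_seeds(corpus, out)
    second = import_libfuzzer_seeds(corpus, out)       # same corpus again: 0
    return first, second, collect_crashes(out, os.path.join(root, "crashes"))


if __name__ == "__main__":
    print(demo())
```

Run import_libfuzzer_seeds periodically while the job is live (afl-fuzz itself only rescans other instances every few cycles), and give the fake instance no fuzzer_stats file so statistics readers do not mistake it for a real fuzzer. De-duplicating crashes by content is only a first pass: two different inputs can still hit the same bug, and a proper triage groups them by crash site, not by bytes.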

Languages

Makefile 57.9%, C++ 26.4%, C 8.2%, Shell 4.7%, Python 2.1%, QMake 0.7%