fuzzuf (fuzzing unification framework) is a fuzzing framework with its own DSL to describe a fuzzing loop by constructing building blocks of fuzzing primitives.
Benefits of using fuzzuf
There are mainly four advantages of writing fuzzers on the fuzzuf framework:
- Can describe a fuzzing loop with combinations of each fuzzing primitive
fuzzuf constructs a fuzzing loop from a combination of fuzzing primitives (each one an individual step in a fuzzing loop), like building blocks. Since each block can be appended, removed, replaced, and reused, fuzzuf keeps every fuzzing loop it defines highly modular.
- Flexible, user-definable fuzzing loops
Existing fuzzing frameworks tend to have fixed or hard-coded fuzzing loops inside the frameworks themselves, so their users cannot change that behavior. fuzzuf lets a user assign and implement a routine for each individual fuzzing primitive, and describe and modify the structure of the fuzzing loop as they want.
- Easy to compare a derived fuzzer to its original
It is not rare for fuzzing researchers and enthusiasts to fork an existing fuzzer to implement their own idea on top of it. As a matter of fact, a lot of academic works have showcased numerous AFL-based fuzzers reflecting their ideas. By leveraging the building-block nature of the fuzzuf DSL and reusing existing fuzzing primitives, users can greatly accelerate the development of a new fuzzer. Moreover, by comparing the DSL diff between the original fuzzer and its derivative, the enhancements can be spotted at a glance (not only by the users themselves but also by reviewers and other researchers).
- AFL fuzzer as a template
On fuzzuf, AFL is also available as a fuzzer (C++) template. This means that the cost of implementing and reviewing a new or existing AFL-based fuzzer is lowered considerably by utilizing it. For example, fuzzuf's AFLFast is built upon this template: only a few routines and the struct that records the fuzzer state need to be changed, and the original's loop flow stays unchanged.
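As an added illustration of the building-block and template ideas in this section (this is not fuzzuf's own DSL or code; the `FuzzState`/`FuzzLoop` types, the primitive names and the toy "target" are all assumptions constructed here), the following C++ sketch assembles a fuzzing loop from named primitives, then derives a second fuzzer by replacing a single step, which is the kind of one-primitive diff the text describes for AFLFast versus AFL:

```cpp
// Added example (not fuzzuf's DSL): a toy fuzzing loop built from
// interchangeable primitives, plus a derived loop that swaps one of them.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <functional>
#include <map>
#include <string>
#include <utility>
#include <vector>

// Shared state every primitive reads and updates; stands in for the struct an
// AFL-style fuzzer keeps between iterations.
struct FuzzState {
    std::vector<std::string> queue{"AAA"};   // corpus; constructed initial seed
    std::map<std::string, int> trace_counts; // how often each trace was seen
    std::size_t cur = 0;                     // index of the seed being fuzzed
    std::string input;                       // current mutated candidate
    std::string last_trace;                  // trace of the last execution
    int execs = 0;
    int crashes = 0;
    std::uint32_t rng = 0x1234u;             // deterministic toy PRNG state
};

// A primitive is one step of the loop; a loop is an ordered, editable list of
// named primitives, so steps can be appended, replaced or removed.
using Primitive = std::function<void(FuzzState&)>;

struct FuzzLoop {
    std::vector<std::pair<std::string, Primitive>> steps;
    FuzzLoop& add(const std::string& name, Primitive p) {
        steps.emplace_back(name, std::move(p));
        return *this;
    }
    bool replace(const std::string& name, Primitive p) {
        for (auto& s : steps)
            if (s.first == name) { s.second = std::move(p); return true; }
        return false;
    }
    void run(FuzzState& st, int iterations) {
        for (int i = 0; i < iterations; ++i)
            for (auto& s : steps) s.second(st);
    }
};

// Constructed stand-in for an instrumented target: the "trace" records which
// of the first three bytes match "BUG", and the target "crashes" on that prefix.
struct ExecResult { std::string trace; bool crashed; };

ExecResult run_target(const std::string& in) {
    const char* magic = "BUG";
    std::string trace;
    for (std::size_t i = 0; i < 3; ++i)
        trace += (i < in.size() && in[i] == magic[i]) ? '1' : '0';
    return {trace, in.compare(0, 3, magic) == 0};
}

std::uint32_t next_rand(FuzzState& st) {
    st.rng = st.rng * 1103515245u + 12345u;  // LCG; fine for a toy
    return st.rng >> 8;
}

// --- primitives -----------------------------------------------------------
void select_round_robin(FuzzState& st) {
    st.cur = (st.cur + 1) % st.queue.size();
    st.input = st.queue[st.cur];
}
// Derived-fuzzer variant: prefer the seed whose trace has been hit least often,
// the flavour of scheduling change a power-schedule fuzzer makes to AFL's loop.
void select_rarest_trace(FuzzState& st) {
    std::size_t best = 0;
    int best_count = -1;
    for (std::size_t i = 0; i < st.queue.size(); ++i) {
        int c = st.trace_counts[run_target(st.queue[i]).trace];
        if (best_count < 0 || c < best_count) { best = i; best_count = c; }
    }
    st.cur = best;
    st.input = st.queue[best];
}
void mutate_one_byte(FuzzState& st) {
    if (st.input.empty()) st.input = "A";
    std::size_t pos = next_rand(st) % st.input.size();
    st.input[pos] = static_cast<char>('A' + next_rand(st) % 26);
}
void execute(FuzzState& st) {
    ExecResult r = run_target(st.input);
    ++st.execs;
    st.last_trace = r.trace;
    if (r.crashed) ++st.crashes;
}
void keep_if_new_trace(FuzzState& st) {
    if (st.trace_counts[st.last_trace]++ == 0) st.queue.push_back(st.input);
}

// The "original" loop, and a derivative whose whole diff is one replaced step.
FuzzLoop baseline_loop() {
    FuzzLoop loop;
    loop.add("select", select_round_robin).add("mutate", mutate_one_byte)
        .add("execute", execute).add("feedback", keep_if_new_trace);
    return loop;
}
FuzzLoop derived_loop() {
    FuzzLoop loop = baseline_loop();
    loop.replace("select", select_rarest_trace);
    return loop;
}
FuzzState run_campaign(FuzzLoop loop, int iterations) {
    FuzzState st;
    loop.run(st, iterations);
    return st;
}

int main() {
    FuzzState a = run_campaign(baseline_loop(), 2000);
    FuzzState b = run_campaign(derived_loop(), 2000);
    std::printf("baseline: execs=%d queue=%zu crashes=%d\n", a.execs, a.queue.size(), a.crashes);
    std::printf("derived : execs=%d queue=%zu crashes=%d\n", b.execs, b.queue.size(), b.crashes);
    return 0;
}
```

The point of the sketch is structural rather than the numbers it prints: the derived fuzzer is `baseline_loop()` plus one `replace()` call, so reviewing it means reading that one line, and the shared state struct is the only other thing a derivative would normally touch.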