Questions tagged [fuzzing]
Testing software by presenting it with invalid input to find errors in input validation and handling.
271 questions
0 votes · 0 answers · 35 views
+100
Moving logging functionalities further out of test code
Context
To verify the relevant test cases are reached during fuzz testing with foundry, I wrote a system that creates a new log file at the start of a fuzz test, and then uses that to log the which ...
0 votes · 1 answer · 20 views
How to use AFL to test functions with struct parameters?
I am new to fuzz. Due to the supervisor's task, I am testing a series of small functions whose parameters are structures, such as
struct Node {
    int a;
    float b;
};
void foo(Node node) { ... }
And ...
0 votes · 0 answers · 13 views
Can we perform selective injections as a payload to test vulnerabilities in zap with python?
We are trying to see a possibility of performing selective injections like SQL injection, XSS injection etc., as a payload in fuzzing to test vulnerabilities in web applications with python.
Use-case:
...
2 votes · 0 answers · 48 views
Code coverage relative to the entire project
I'm trying to get coverage of a Go application regarding an entire project.
But I get a report that only includes those files that the tests “touch”.
I have several files with golang tests:
...
1 vote · 0 answers · 36 views
Looking for a memory-efficient data structure for slightly different HTTP flows
I'm trying to create an HTTP fuzzing API in python in which I wish to store HTTP requests and responses for later analysis like searching whole content and viewing requests and responses, now as I'm ...
0 votes · 0 answers · 37 views
How do I deterministically generate strings from a grammar to test a program?
I'm currently learning about fuzzing and testing and there's a part that I'm not too sure how to do.
I am given grammars like this:
grammar = {
"<start>": ["<product>;&...
0 votes · 0 answers · 29 views
Speed of AFL fuzzing concern
Is it normal that WinAFL in this case takes so much time to find a crash with such a simple program like test_gdiplus.exe, which comes by default with WinAFL and only weighs 13 KB? Like in this ...
0 votes · 0 answers · 45 views
Strange behavior of global go variable in c-archive compiled library
everyone.
Right now I'm writing my "scientific work" about fuzzing and I've got a problem with something in my fuzzing lib.
I try to fuzz the go-ethereum lib (specifically the bn256 part of it):
go-...
0 votes · 1 answer · 98 views
Clang coverage generates empty default.profraw file
I am doing fuzz testing on a library and using Clang coverage to obtain code coverage. This is the command I run:
m smp-fuzzer-cov
LLVM_PROFILE_FILE="/scratch/smp-fuzzer-out/default.profraw" ...
0 votes · 0 answers · 33 views
OSS-Fuzz does not cover the code after if-else in C code
I am studying OSS-Fuzz and found the following strange behavior, which I cannot understand.
I created a simple C project with the only function with 3 branches (if incoming values equal 0, 32 and ...
1 vote · 2 answers · 105 views
Compiling syzkaller fuzzer failed without any error or warning
I encountered an issue while compiling syzkaller (a customized version of syzkaller, based on syzkaller commit a371c43c33b6f901421f93b655442363c072d251; compiling on this commit was successful).
When ...
0 votes · 0 answers · 27 views
Unable to use Jazzer due to compilation error
I am new to fuzz testing. I tried Jazzer to fuzz test by setting it up on my Windows PC. I have the required "java_standalone.jar" in the same path as the code I am trying to test.
Here is ...
-1 votes · 1 answer · 190 views
Fuzz testing with Playwright and gremlins.js
I am trying to set up Playwright together with gremlins.js to launch what they call a horde of gremlins at a web app at a particular URL.
The idea is that if the web app at this URL throws any errors ...
1 vote · 0 answers · 328 views
Error compiling LLVMFuzzerTestOneInput: DWARF error: invalid or unhandled FORM value: 0x25
My project consists of the following:
XPDF:
built with
wget https://dl.xpdfreader.com/old/xpdf-3.02.tar.gz
tar -xvzf xpdf-3.02.tar.gz
sudo apt update && sudo apt install -y build-essential gcc
...
0 votes · 0 answers · 44 views
Does anyone use Jazzer to fuzz an Android binder service?
There is a Java binder service fuzzer example on source.android.com; the title of the document is "AIDL fuzzing". I don't know how to use the Java API of Jazzer. I got a jar file compiled from the fuzzer and I don't ...