Harder, Better, Faster Fuzzer: Advances in BlackBox Evolutionary Fuzzing presented at HackInTheBox 2014

by Fabien Duchene

Summary: Fuzzing (aka fuzz-testing) consists of automatically creating and evaluating inputs towards discovering vulnerabilities. Traditional undirected black-box fuzzing may rely on only a limited number of strategies for producing inputs, and thus may not efficiently find a broad range of local optima.
In this work, we combine artificial intelligence and security testing techniques to guide the fuzzing via an evolutionary algorithm. Our work is the first application of a genetic algorithm to black-box fuzzing when searching for vulnerabilities. We designed heuristics for fuzzing PDF interpreters in search of memory corruption vulnerabilities, and for fuzzing websites in search of cross-site scripting. Our evolutionary fuzzers ShiftMonkey and KameleonFuzz outperform traditional black-box fuzzers both in vulnerability detection capabilities and in efficiency. We report new results with those fuzzers, including vulnerabilities that affect millions of users.
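To make the "evolutionary algorithm guiding the fuzzing" concrete, the following is an added, self-contained illustration written for this page; it is not ShiftMonkey, KameleonFuzz, or any code from the talk. It assumes a constructed toy target (a mini PDF-like object parser with a fixed-size nesting stack that "crashes" by raising an exception), a constructed fitness signal (distinct token kinds seen plus deepest nesting reached, the kind of observable feedback a black-box fuzzer can collect), and a plain genetic algorithm with tournament selection, token-boundary crossover, mutation and elitism. All names (`toy_parser`, `fitness`, `evolve`, `STACK_LIMIT`) are hypothetical.

```python
"""Toy evolutionary black-box fuzzer (added example, not the talk's code).

The target is black-box to the fuzzer: the fuzzer only sees the inputs it
sends and one observable outcome per input.  The genetic algorithm turns
that outcome into a fitness score and breeds the best inputs.
"""
import random

TOKENS = ["<<", ">>", "/Name", "42", "(str)", "obj", "endobj"]  # constructed token alphabet
STACK_LIMIT = 8  # constructed: size of the toy parser's fixed nesting stack


class ParserCrash(Exception):
    """Stands in for a memory-corruption crash in the toy target."""


def toy_parser(tokens):
    """Constructed black-box target.  Returns a coverage-like score:
    distinct token kinds seen plus the deepest dictionary nesting reached.
    Raises ParserCrash when nesting exceeds STACK_LIMIT (the analogue of
    overflowing a fixed-size stack)."""
    depth = max_depth = 0
    seen = set()
    for tok in tokens:
        seen.add(tok)
        if tok == "<<":
            depth += 1
            if depth > STACK_LIMIT:
                raise ParserCrash(f"nesting {depth} exceeds {STACK_LIMIT}")
            max_depth = max(max_depth, depth)
        elif tok == ">>":
            depth = max(0, depth - 1)
    return len(seen) + max_depth


def fitness(individual):
    """Score one input.  A crash is the best possible outcome for a fuzzer,
    so it gets a score no non-crashing input can reach."""
    try:
        return toy_parser(individual), False
    except ParserCrash:
        return 10**6, True


def random_individual(rng, length=12):
    return [rng.choice(TOKENS) for _ in range(length)]


def tournament(rng, scored, k=3):
    """Selection: the fittest of k randomly drawn individuals."""
    return max(rng.sample(scored, k), key=lambda pair: pair[1])[0]


def crossover(rng, a, b):
    """Single-point crossover at a token boundary, so children stay
    well-formed at the token level (a format-aware heuristic)."""
    cut = rng.randint(1, min(len(a), len(b)) - 1)
    return a[:cut] + b[cut:]


def mutate(rng, ind, rate=0.15):
    """Mutation: per-token replacement plus occasional insert/delete."""
    out = list(ind)
    for i in range(len(out)):
        if rng.random() < rate:
            out[i] = rng.choice(TOKENS)
    if rng.random() < rate and len(out) < 32:
        out.insert(rng.randrange(len(out) + 1), rng.choice(TOKENS))
    if rng.random() < rate and len(out) > 2:
        del out[rng.randrange(len(out))]
    return out


def evolve(generations=30, pop_size=40, seed=0):
    """Genetic-algorithm fuzzing loop (generations >= 1, pop_size >= 3).
    Returns (best_input, best_score, crashed, history) where history[g] is
    the best score seen in generation g.  Elitism carries the best
    individual forward unchanged, so history never decreases."""
    rng = random.Random(seed)
    population = [random_individual(rng) for _ in range(pop_size)]
    history = []
    for _ in range(generations):
        scored = [(ind, fitness(ind)[0]) for ind in population]
        best_ind, best_score = max(scored, key=lambda pair: pair[1])
        history.append(best_score)
        if fitness(best_ind)[1]:
            break  # a crashing input was found; stop and report it
        next_gen = [best_ind]  # elitism
        while len(next_gen) < pop_size:
            child = crossover(rng, tournament(rng, scored), tournament(rng, scored))
            next_gen.append(mutate(rng, child))
        population = next_gen
    score, crashed = fitness(best_ind)
    return best_ind, score, crashed, history


if __name__ == "__main__":
    best, score, crashed, history = evolve(seed=1)
    print("best input:", " ".join(best))
    print("score:", score, "crashed:", crashed)
    print("best-score-per-generation:", history)
```

The point the toy makes is the one the summary states: undirected random generation over these seven tokens has no reason to pile up nine `<<` in a row, whereas a fitness signal that rewards depth lets selection and crossover concentrate the population around that region of the input space, generation after generation. In a real fuzzer the fitness would come from an observable such as coverage, response structure or crash telemetry rather than from the target's own internals.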