
JeroenRobben/netfuzzlib


netfuzzlib


netfuzzlib is an LD_PRELOADable library that lets you efficiently fuzz Linux network programs without creating a harness. It hooks and emulates network I/O-related syscalls in user-space, and fires a callback to the fuzzer upon certain events, such as when the target attempts to receive a packet, or when it is done processing all I/O. This lets you do network fuzzing and symbolic execution without requiring timeouts or a custom harness.
See also our paper.

Usage

To use netfuzzlib, you need to build a shared library (called a netfuzzlib module) that implements the callbacks, and preload both libraries into the target's address space.

A module for AFL++ and LibAFL (ForkserverExecutor) lives in modules/module-afl/. Example usage: dnsmasq under AFL++, redis under AFL++.

Writing a module

To use netfuzzlib with your own fuzzer, write a small shared library that implements four required callbacks: nfl_send, nfl_receive, nfl_tcp_connect, nfl_tcp_accept. See modules/module-hello-world/ for an example. See include/netfuzzlib/module_api.h for the full callback / module API.
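The following is an added, self-contained C illustration of the mechanism described in the introduction and in this section: a preloaded hook replaces the kernel's receive path with a callback to the fuzzer, and reports an "all input consumed" event instead of blocking. It is not netfuzzlib's own code and does not use its real API; the names (emu_recv, emu_set_receive_cb, corpus_receive, receive_cb_t) and the callback signature are hypothetical stand-ins, and the two "packets" are constructed sample input. The real callback names and signatures are those in include/netfuzzlib/module_api.h.

```c
/* Added example (hypothetical names), not netfuzzlib's own code.
 * Shows the idea of emulating recv(2) in user space: instead of reading from
 * a socket, the hook asks a fuzzer-side callback for the next packet and
 * signals an "I/O done" event when the callback has no more input. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define MAX_PKT_LEN 256

/* Hypothetical module callback: fill buf with the next packet and set *len.
 * Returns 1 when a packet was produced, 0 when the corpus is exhausted. */
typedef int (*receive_cb_t)(uint8_t *buf, size_t *len, void *ctx);

static receive_cb_t g_receive_cb; /* registered by the "module" */
static void *g_ctx;
static int g_done_events;         /* how often the "all I/O done" event fired */

void emu_set_receive_cb(receive_cb_t cb, void *ctx) {
    g_receive_cb = cb;
    g_ctx = ctx;
}

int emu_done_events(void) { return g_done_events; }

/* Emulated recv(2). The socket fd and flags are ignored on purpose: no
 * kernel socket is involved, the packet comes from the module callback. */
ssize_t emu_recv(int sockfd, void *buf, size_t len, int flags) {
    (void)sockfd;
    (void)flags;
    uint8_t tmp[MAX_PKT_LEN];
    size_t n = sizeof tmp;
    if (g_receive_cb == NULL || !g_receive_cb(tmp, &n, g_ctx)) {
        /* No more input: fire the "done" event and return 0 (orderly
         * shutdown) so the target finishes instead of blocking forever. */
        g_done_events++;
        return 0;
    }
    if (n > len)
        n = len; /* truncate to the caller's buffer, like a datagram recv */
    memcpy(buf, tmp, n);
    return (ssize_t)n;
}

/* A constructed module: hands out packets from a fixed in-memory corpus. */
typedef struct {
    const char *pkts[4];
    int count;
    int next;
} corpus_t;

static int corpus_receive(uint8_t *buf, size_t *len, void *ctx) {
    corpus_t *c = ctx;
    if (c->next >= c->count)
        return 0; /* corpus exhausted */
    const char *p = c->pkts[c->next++];
    size_t n = strlen(p);
    if (n > *len)
        n = *len;
    memcpy(buf, p, n);
    *len = n;
    return 1;
}

/* A constructed "target" loop: reads until the emulated socket reports EOF.
 * Returns the total number of bytes the target consumed. */
size_t run_demo(void) {
    corpus_t corpus = { { "PING\r\n", "GET / HTTP/1.0\r\n" }, 2, 0 };
    emu_set_receive_cb(corpus_receive, &corpus);
    uint8_t buf[64];
    size_t total = 0;
    ssize_t r;
    while ((r = emu_recv(3, buf, sizeof buf, 0)) > 0)
        total += (size_t)r; /* a real target would parse the packet here */
    return total;
}

int main(void) {
    size_t consumed = run_demo();
    printf("target consumed %zu bytes, done events: %d\n", consumed,
           emu_done_events());
    return 0;
}
```

The point of the emulation is visible in emu_recv: the target never touches a kernel socket, the fuzzer decides each packet through the callback, and the end of the corpus becomes a deterministic event rather than a timeout. netfuzzlib applies the same idea across the network-related syscalls it hooks, with the module supplying the decisions through nfl_send, nfl_receive, nfl_tcp_connect and nfl_tcp_accept.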

Build

cmake -S . -B build && cmake --build build

Resulting libraries land in build/lib/.

Test with netcat:

LD_PRELOAD=$PWD/build/lib/libnetfuzzlib.so:$PWD/build/lib/libmodule-hello-world.so nc 1.2.3.4 5678

Run tests

Unit tests

ctest --test-dir build -LE integration

Integration tests

The integration tests run against common CLI tools (netcat, ifconfig, …) and network daemons (redis, dnsmasq, exim, …). The CLI cases run on the host; the daemon targets run inside a docker container. See test/integration/. The docker targets require the running user to have permission to create docker containers, e.g., by being in the docker group or being root.

ctest --test-dir build -L integration             # all
ctest --test-dir build -L integration -LE docker  # skip docker-isolated targets
ctest --test-dir build -L docker                  # only docker-isolated targets

Questions

If you find a bug or have any questions, feel free to create a GitHub issue.

License

Dual-licensed under Apache-2.0 or MIT. Pick whichever you need.

Citing

If you use netfuzzlib in academic work, please use this BibTeX:

@inproceedings{robben2024netfuzzlib,
  author    = {Robben, Jeroen and Vanhoef, Mathy},
  title     = {Netfuzzlib: Adding First-Class Fuzzing Support to Network Protocol Implementations},
  booktitle = {Computer Security -- ESORICS 2024},
  pages     = {65--84},
  year      = {2024},
  publisher = {Springer Nature Switzerland},
  doi       = {10.1007/978-3-031-70890-9_4}}
