Skip to content
/ sbt-fizzer Public

Experimental implementation of gray-box program fuzzing.

License

View license
5 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

staticafi/sbt-fizzer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

439 Commits
benchmarks
benchmarks
 
 
setup/VSCode
setup/VSCode
 
 
src
src
 
 
.gitignore
.gitignore
 
 
CMakeLists.txt
CMakeLists.txt
 
 
LICENSE.txt
LICENSE.txt
 
 
README.md
README.md
 
 
build.py
build.py
 
 
build.sh
build.sh
 
 

Repository files navigation

SBT-Fizzer

The name is an acronym, where SBT stands for Symbiotic https://github.com/staticafi/symbiotic, and Fizzer is a mixture of FI representing our faculty and fuzzer.

SBT-Fizzer is a codebase and playground for students interested in dynamic program analysis and gray-box fuzzing in particular.

License

SBT-Fizzer is available under the zlib license. It is included as file LICENSE.txt into the repository: https://github.com/staticafi/sbt-fizzer-private

Target platforms

The primary target platform is PC running either Windows 10 (or later) or Ubuntu 22.04 (or later) operating systems.

NOTE: Although SBT-Fizzer can be built on Windows 10, there are still issues running LLVM instrumentation. So, using the project under Windows is still under construction.

Software dependencies

The following software must be installed on your computer before you can start with the age project:

Downloading SBT-Fizzer

We do not provide SBT-Fizzer in binary form. That means you must download the source code and then build it.

The recommended way of obtaining the source code is via Git. You can either clone or fork SBT-Fizzer's repository. Cloning is recommended for members of the SBT-Fizzer project with Developer rights. Forking is then for everyone else. Both procedures are described in the subsections below.

NOTE: Alternatively, you can also download a ZIP package with the source code from the project's website: https://github.com/staticafi/sbt-fizzer-private

Cloning

Create a new directory on the disk for SBT-Fizzer. Let <SBT-Fizzer-root-dir> be the full path to that directory. Now open the console and type there these commands:

cd <SBT-Fizzer-root-dir>
git clone https://github.com/staticafi/sbt-fizzer-private.git .

Forking

First, you need to go to GitHub and make a fork of SBT-Fizzer project:

Now clone the forked project. The procedure is the same as in the Cloning subsection above, except the URL in the git clone command, which must reference your forked repository.

Integrating vcpkg

Before we can build SBT-Fizzer in VS Code, we must let VS Code know where vcpkg is installed (because it contains SW packages SBT-Fizzer needs during the build process). We must create the file

<SBT-Fizzer-root-dir>/.vscode/settings.json

with this content:

{
    "cmake.configureSettings": {
        "CMAKE_TOOLCHAIN_FILE": "<vcpkg-install-dir>/scripts/buildsystems/vcpkg.cmake",
        "CMAKE_BUILD_TYPE": "${buildType}"
    }
}

where <vcpkg-install-dir> must be replaced by the actual installation directory of vcpkg.

NOTE: When working on Windows, VS Code may have created a "global" settings file here:

<user-dir>/AppData/Roaming/Code/User/settings.json

Instead of creating the new settings file as described above, you can just update this existing "global" setting file by adding the section:

    "cmake.configureSettings": {
        "CMAKE_TOOLCHAIN_FILE": "<vcpkg-install-dir>/scripts/buildsystems/vcpkg.cmake",
        "CMAKE_BUILD_TYPE": "${buildType}"
    }

The advantage of this approach is that the vcpkg integration with VS Code would work for all CMake C++ projects on your computer (including SBT-Fizzer of course).

Building SBT-Fizzer

Open Microsoft Visual Studio Code and in the main menu choose: File/Open Folder... and open the SBT-Fizzer's directory <SBT-Fizzer-root-dir>.

Now you should be able to build SBT-Fizzer the same way as any other CMake C++ application. All needed information is available here: https://code.visualstudio.com/docs/cpp/introvideos-cpp

Once you successfully build the install target, you can find the built binaries under the dist directory.

Usage

You can use the compiled binaries either via VS Code or manually in a terminal.

Running binaries in VS Code

First you need to build benchmark(s). So, go to the debugger tab (Ctrl+Shift+D) and select the target Benman @ dbg. Then press F5 to start benchmark building. By editing this target in launch.json file under .vscode folder you can specify what benchmarks to build. By default this is set to all, meaning that all benchmarks are compiled.

Now you can debug the fuzzer (server). In the debugger tab select the target run server. Then press F5 to start debugging. By editing this target in launch.json file under .vscode folder you can specify what benchmark will be analyzed during the debug session. The default setting is one randomly chosen benchmark.

Running binaries in terminal

The scripts/binaries are found in dist/tools

Instrumenting the target program:

sbt-fizzer_instrument [-h] [--output_dir OUTPUT_DIR] target_file

Building the fuzz target:

sbt-fizzer_build_target [-h] [--output_dir OUTPUT_DIR] [--no_instrument | --instrument FLAGS] target_file

Instrumenting, building, and running fuzzing in one:

sbt-fizzer [-h] [--output_dir OUTPUT_DIR] [--no_instrument | --instrument FLAGS] [--clang FLAGS] [--max_seconds SECONDS] target_file

About

Experimental implementation of gray-box program fuzzing.

Resources

Readme

License

View license
Activity
Custom properties

Stars

5 stars

Watchers

6 watching

Forks

1 fork
Report repository

Releases

23 tags

Packages

No packages published

Contributors 2

  •  
  •  

Languages