On 05/08/2021 13:37, Siva Kakarla wrote:
> Hello Everyone,
>
> I am trying to understand and set up a fuzzer for the Bind DNS
> implementation. My current goal is to fuzz the authoritative server with
> queries.
>
> I have looked around and came across different fuzzing engines, but I
> have some trouble and some questions getting it to work. If anyone has
> anything to comment on, please reply, and that would be really helpful.
>
> 1. I configured with |CC=/path/to/afl/afl-clang ./configure
>    --enable-fuzzing=afl| or |afl-clang-fast| to enable fuzzing. Then, I
>    did make and make install. I then tried fuzzing the |named| binary
>    with |afl-fuzz -i fuzz/dns_message_parse.in/ -o findings
>    /usr/local/sbin/named -g| but then it stops immediately, saying
>    |the program crashed with one of the test cases provided|.
>    1. How to fuzz the |named| binary with queries?
>    2. How to get the seed input in raw format?
>    3. Honggfuzz <https://github.com/google/honggfuzz/tree/master/examples/bind>
>       seems to fuzz the named binary, but it produced too many files as
>       crash reports within a minute. I have asked about it on their
>       GitHub <https://github.com/google/honggfuzz/issues/408>. Anyone
>       that worked with Honggfuzz, please reply.
> 2. A separate fuzz folder
>    <https://gitlab.isc.org/isc-projects/bind9/-/tree/main/fuzz> contains
>    functions to fuzz small sections of the code.
>    1. Was this created to improve coverage and modularity? (In the
>       sense, can't |named| be fuzzed directly using the above setup?)
>    2. I could get them running with |oss-fuzz| but how to run them
>       with |afl-fuzz|? The README
>       <https://gitlab.isc.org/isc-projects/bind9/-/blob/main/fuzz/FUZZING.md>
>       mentions linking the files; can you please tell me how to do that?
>    3. How to decode the packets given in
>       <https://gitlab.isc.org/isc-projects/bind9/-/tree/main/fuzz/dns_message_parse.in>?
>       How to add a new packet to the corpus? (How to convert into a raw
>       packet?)
Why not re-purpose a password fuzzer, instead of passwords you'd be spawning FQDNs, which you could pipe to mdig or other dns client?

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
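The last item of the quoted question (decoding the files in dns_message_parse.in and turning a query into a raw packet for the corpus), as an added example that is not part of the original thread and not BIND's own code. It assumes, as the fuzz target's name suggests, that each corpus file is one bare DNS message in RFC 1035 wire format with no IP or UDP headers; the example.com query, the response bytes and the file name example_com_A.bin are constructed for the example. It builds a query into a new seed file and decodes an existing one, following name compression pointers, and raises ValueError on truncated or self-referencing input instead of reading past the end of the buffer, which is exactly the class of input a fuzzer feeds to the C parser.

```python
"""Build seed packets for a DNS-message fuzzing corpus and decode existing ones.

Added example (not BIND's code). Assumes corpus files are bare DNS
messages in RFC 1035 wire format, without IP or UDP headers.
"""
import struct

# Fixed 12-byte header: ID, FLAGS, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
HEADER = struct.Struct("!HHHHHH")


def encode_name(name: str) -> bytes:
    """Encode a dotted name as length-prefixed labels ending in a zero byte."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        if not label:                      # "" or "." is the root name
            continue
        raw = label.encode("ascii")
        if len(raw) > 63:
            raise ValueError("label longer than 63 octets")
        out.append(len(raw))
        out += raw
    out.append(0)                          # root label terminates the name
    return bytes(out)


def build_query(name: str, qtype: int = 1, qclass: int = 1,
                txid: int = 0x1234, rd: bool = True) -> bytes:
    """Return a complete query message: header followed by one question."""
    flags = 0x0100 if rd else 0            # QR=0, OPCODE=0, RD bit set
    header = HEADER.pack(txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, qclass)


def decode_name(data: bytes, offset: int):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, jumped, hops = [], offset, False, 0
    while True:
        if offset >= len(data):
            raise ValueError("name runs past end of message")
        length = data[offset]
        if length & 0xC0 == 0xC0:          # two-byte compression pointer
            if offset + 1 >= len(data):
                raise ValueError("truncated compression pointer")
            target = ((length & 0x3F) << 8) | data[offset + 1]
            # Pointers must go strictly backwards, so a chain always ends.
            if target >= offset or hops > 64:
                raise ValueError("bad compression pointer")
            if not jumped:
                end = offset + 2           # name ends after the first pointer
            jumped, hops, offset = True, hops + 1, target
            continue
        if length & 0xC0:
            raise ValueError("unsupported label type")
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            break
        label = data[offset:offset + length]
        if len(label) != length:
            raise ValueError("truncated label")
        labels.append(label.decode("ascii", "replace"))
        offset += length
    return ".".join(labels) + ".", end


def decode_message(data: bytes) -> dict:
    """Parse the header, the question section and the three RR sections."""
    if len(data) < HEADER.size:
        raise ValueError("message shorter than 12-byte header")
    txid, flags, qd, an, ns, ar = HEADER.unpack_from(data)
    offset = HEADER.size
    questions = []
    for _ in range(qd):
        name, offset = decode_name(data, offset)
        if offset + 4 > len(data):
            raise ValueError("truncated question")
        qtype, qclass = struct.unpack_from("!HH", data, offset)
        offset += 4
        questions.append((name, qtype, qclass))
    sections = []
    for count in (an, ns, ar):             # answer, authority, additional
        records = []
        for _ in range(count):
            name, offset = decode_name(data, offset)
            if offset + 10 > len(data):
                raise ValueError("truncated resource record")
            rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", data, offset)
            offset += 10
            rdata = data[offset:offset + rdlen]
            if len(rdata) != rdlen:
                raise ValueError("RDLENGTH exceeds message")
            offset += rdlen
            records.append((name, rtype, rclass, ttl, rdata))
        sections.append(records)
    return {"id": txid, "flags": flags, "questions": questions,
            "answers": sections[0], "authority": sections[1],
            "additional": sections[2]}


def write_seed(path: str, name: str, qtype: int = 1) -> bytes:
    """Write one raw query to a corpus file and return its bytes."""
    packet = build_query(name, qtype)
    with open(path, "wb") as f:
        f.write(packet)
    return packet


if __name__ == "__main__":
    # Constructed seed: an A query for example.com, written as a corpus file.
    seed = write_seed("example_com_A.bin", "example.com")
    print(seed.hex())
    print(decode_message(seed))
```

Run it with no arguments to emit a seed file; to inspect an existing corpus file, call decode_message on the file's bytes. Each corpus file holds exactly one message, so the transaction ID and flags at bytes 0 to 3 are a quick way to tell a query seed from a response seed when reading the hex dump.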