Thanks, Daniel, that is also a great idea. I am trying to see if I can get the standard fuzzers like AFL to work for my use case, but if I can't then I will try the idea you suggested.
On Thu, Aug 5, 2021 at 8:39 PM Ed Daniel <esdan...@esdaniel.com> wrote:
> On 05/08/2021 13:37, Siva Kakarla wrote:
> > Hello Everyone,
> >
> > I am trying to understand and set up a fuzzer for the Bind DNS
> > implementation. My current goal is to fuzz the authoritative server with
> > queries.
> >
> > I have looked around and came across different fuzzing engines, but I
> > have some trouble and some questions getting it to work. If anyone has
> > anything to comment on, please reply, and that would be really helpful.
> >
> > 1. I configured with CC=/path/to/afl/afl-clang ./configure
> >    --enable-fuzzing=afl or afl-clang-fast to enable fuzzing. Then, I
> >    did make and make install. I then tried fuzzing the named binary
> >    with afl-fuzz -i fuzz/dns_message_parse.in/ -o findings /usr/local/sbin/named -g
> >    but then it stops immediately, saying the program crashed with
> >    one of the test cases provided.
> >    1. How to fuzz the named binary with queries?
> >    2. How to get the seed input in raw format?
> >    3. Honggfuzz <https://github.com/google/honggfuzz/tree/master/examples/bind>
> >       seems to fuzz the named binary, but it produced too many files as
> >       crash reports within a minute. I have asked about it on
> >       their GitHub <https://github.com/google/honggfuzz/issues/408>.
> >       Anyone who has worked with Honggfuzz, please reply.
> > 2. A separate fuzz folder <https://gitlab.isc.org/isc-projects/bind9/-/tree/main/fuzz>
> >    contains functions to fuzz small sections of the code.
> >    1. Was this created to improve coverage and modularity? (In the
> >       sense, can't named be fuzzed directly using the above setup?)
> >    2. I could get them running with oss-fuzz but how to run them
> >       with afl-fuzz? The README
> >       <https://gitlab.isc.org/isc-projects/bind9/-/blob/main/fuzz/FUZZING.md>
> >       mentions linking the files; can you please tell me how to do that?
> >    3. How to decode the packets given in
> >       https://gitlab.isc.org/isc-projects/bind9/-/tree/main/fuzz/dns_message_parse.in ?
> >       How to add a new packet to the corpus? (How to convert into a raw
> >       packet?)
>
> Why not re-purpose a password fuzzer, instead of passwords you'd be
> spawning FQDNs, which you could pipe to mdig or other dns client?
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
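The last question in the quoted message (how to decode the packets in dns_message_parse.in and how to turn a query into a raw packet for the corpus) comes down to DNS wire format. The following is an added example for this thread, not code from BIND, ISC or the original poster. It assumes, without checking BIND's source, that the seed files are bare DNS messages as they appear on the wire (no TCP length prefix, no pcap framing). It builds a query as a seed file and parses a seed back, including name-compression pointers, with the bounds checks a parser of untrusted bytes needs. The filename `seed-example-com-a.bin` and the transaction id `0x1234` are constructed values.

```python
"""Build and decode raw DNS wire-format messages for fuzz corpus seeds.

Assumption (added example, not BIND's own tooling): corpus seed files are raw
DNS messages, exactly the bytes that would travel in a UDP payload.
"""
import struct
import tempfile
from pathlib import Path


def encode_name(name: str) -> bytes:
    """Encode a domain name as length-prefixed labels terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label == "":
            continue
        raw = label.encode("ascii")
        if len(raw) > 63:
            raise ValueError("label longer than 63 octets")
        out += bytes([len(raw)]) + raw
    if len(out) + 1 > 255:
        raise ValueError("name longer than 255 octets")
    return out + b"\x00"


def build_query(name: str, qtype: int = 1, qclass: int = 1,
                txid: int = 0x1234, rd: bool = True) -> bytes:
    """Build a standard query: 12-byte header, one question, no other sections."""
    flags = 0x0100 if rd else 0x0000          # QR=0, OPCODE=0 (QUERY), RD bit
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)  # QD=1, AN/NS/AR=0
    return header + encode_name(name) + struct.pack("!HH", qtype, qclass)


def decode_name(msg: bytes, offset: int):
    """Decode a possibly compressed name at offset; return (name, next_offset).

    Every read is bounds-checked and pointer hops are capped so that a seed
    with a looping or out-of-range pointer raises instead of hanging.
    """
    labels, jumped, end, hops = [], False, offset, 0
    while True:
        if offset >= len(msg):
            raise ValueError("truncated name")
        length = msg[offset]
        if length & 0xC0 == 0xC0:              # 11xxxxxx: compression pointer
            if offset + 1 >= len(msg):
                raise ValueError("truncated pointer")
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2               # the name ends after the first pointer
            jumped, hops = True, hops + 1
            if hops > 64 or pointer >= len(msg):
                raise ValueError("bad compression pointer")
            offset = pointer
            continue
        if length > 63:
            raise ValueError("bad label length")
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            break
        if offset + length > len(msg):
            raise ValueError("truncated label")
        labels.append(msg[offset:offset + length].decode("ascii", errors="replace"))
        offset += length
    return ".".join(labels) + ".", end


def parse_message(msg: bytes) -> dict:
    """Parse the header and question section of a raw DNS message."""
    if len(msg) < 12:
        raise ValueError("message shorter than DNS header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions = 12, []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        if off + 4 > len(msg):
            raise ValueError("truncated question")
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype, qclass))
    return {"id": txid, "qr": bool(flags >> 15), "opcode": (flags >> 11) & 0xF,
            "rcode": flags & 0xF, "qdcount": qd, "ancount": an,
            "nscount": ns, "arcount": ar, "questions": questions}


def write_seed(corpus_dir: Path, filename: str, packet: bytes) -> Path:
    """Write one raw message into a corpus directory and return its path."""
    corpus_dir.mkdir(parents=True, exist_ok=True)
    path = corpus_dir / filename
    path.write_bytes(packet)
    return path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        seed = write_seed(Path(tmp), "seed-example-com-a.bin",
                          build_query("example.com.", qtype=1))
        print(seed.name, seed.read_bytes().hex())
        print(parse_message(seed.read_bytes()))
```

The same `parse_message` can be pointed at any existing seed file (`parse_message(Path("fuzz/dns_message_parse.in/<file>").read_bytes())`) to see its header and question, and `build_query` output written with `write_seed` is a new seed in the same format, under the stated assumption about what the corpus contains.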