StateAFL: Greybox fuzzing for stateful network servers

Fuzzing network servers is a technical challenge, since the behavior of target server depends on its state over sequence multiple messages. Existing solutions are costly and difficult to use, as they rely manually-customized artifacts such protocol models, parsers, learning frameworks. The aim this work develop greybox fuzzer (StateaAFL) for that only relies lightweight analysis program, with no manual customization, in similar way what AFL achieved stateless programs. proposed instruments at compile-time, insert probes memory allocations I/O operations. At run-time, it infers current by taking snapshots long-lived areas, applying fuzzy hashing algorithm (Locality-Sensitive Hashing) map contents unique identifier. incrementally builds machine guiding fuzzing. We implemented released StateaAFL open-source software. As basis reproducible experimentation, we integrated large set popular protocols, customization accomodate protocol. experimental results show can be applied achieve comparable, or even better code coverage bug detection than customized Moreover, our qualitative shows states inferred from reflect using response codes