Fuzzing Bind
Siva Kakarla
sivakesava1 at gmail.com
Thu Aug 5 16:57:16 UTC 2021
Thanks, Daniel, that is also a great idea. I am trying to see if I can get
the standard fuzzers like AFL to work for my use case, but if I can't then
I will try the idea you suggested.
On Thu, Aug 5, 2021 at 8:39 PM Ed Daniel <esdaniel at esdaniel.com> wrote:
> On 05/08/2021 13:37, Siva Kakarla wrote:
> > Hello Everyone,
> >
> > I am trying to understand and set up a fuzzer for the Bind DNS
> > implementation. My current goal is to fuzz the authoritative server with
> > queries.
> >
> > I have looked around and came across different fuzzing engines, but I
> > have some trouble and some questions getting it to work. If anyone has
> > anything to comment on, please reply, and that would be really helpful.
> >
> > 1. I configured with |CC=/path/to/afl/afl-clang ./configure
> >    --enable-fuzzing=afl| (or with |afl-clang-fast|) to enable fuzzing. Then I
> >    did make and make install. I then tried fuzzing the |named| binary
> >    with |afl-fuzz -i fuzz/dns_message_parse.in/ -o findings
> >    /usr/local/sbin/named -g|, but then it stops immediately, saying
> >    "the program crashed with one of the test cases provided".
> >    1. How to fuzz the |named| binary with queries?
> >    2. How to get the seed input in raw format?
> >    3. Honggfuzz
> >       <https://github.com/google/honggfuzz/tree/master/examples/bind> seems
> >       to fuzz the named binary, but it produced too many files as
> >       crash reports within a minute. I have asked about it on
> >       their GitHub <https://github.com/google/honggfuzz/issues/408>.
> >       Anyone that worked with Honggfuzz, please reply.
> > 2. A separate fuzz folder
> >    <https://gitlab.isc.org/isc-projects/bind9/-/tree/main/fuzz> contains
> >    functions to fuzz small sections of the code.
> >    1. Was this created to improve coverage and modularity? (In the
> >       sense, can't |named| be fuzzed directly using the above setup?)
> >    2. I could get them running with |oss-fuzz|, but how to run them
> >       with |afl-fuzz|? The README
> >       <https://gitlab.isc.org/isc-projects/bind9/-/blob/main/fuzz/FUZZING.md>
> >       mentions linking the files; can you please tell me how to do that?
> >    3. How to decode the packets given in
> >       <https://gitlab.isc.org/isc-projects/bind9/-/tree/main/fuzz/dns_message_parse.in>?
> >       How to add a new packet to the corpus? (How to convert into a raw
> >       packet?)
>
> Why not re-purpose a password fuzzer, instead of passwords you'd be
> spawning FQDNs, which you could pipe to mdig or other dns client?
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
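Two of the questions in the quoted post, how to get a seed input in raw format and how to decode a packet from the corpus, come down to the DNS wire format (RFC 1035). The script below is an added example, not code from this thread or from BIND: it builds a single-question query as the raw bytes one corpus file would hold and decodes the header and question back, following name-compression pointers with a hop limit so a malformed input cannot loop it. The output file name is constructed, and the script never runs or contacts named.

```python
import struct

def encode_name(name):
    """Encode a dotted name as uncompressed DNS wire-format labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("label length must be 1..63")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, qtype, txid=0x1234, rd=True):
    """Build one raw DNS query: 12-byte header + a single IN-class question."""
    flags = 0x0100 if rd else 0x0000  # QR=0, OPCODE=QUERY, RD bit
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def decode_name(pkt, off):
    """Decode a name at `off`; follows compression pointers, bounded to avoid loops."""
    labels, end, hops = [], None, 0
    while True:
        length = pkt[off]
        if length & 0xC0 == 0xC0:  # 11xxxxxx: pointer to an earlier name
            end = end if end is not None else off + 2
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            off = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            return ".".join(labels) + ".", (end if end is not None else off)
        labels.append(pkt[off:off + length].decode("ascii"))
        off += length

def decode_query(pkt):
    """Decode the header and first question of a raw packet (e.g. a corpus file)."""
    if len(pkt) < 12:
        raise ValueError("truncated header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", pkt[:12])
    qname, off = decode_name(pkt, 12)
    qtype, qclass = struct.unpack("!HH", pkt[off:off + 4])
    return {"id": txid, "flags": flags, "qdcount": qd, "ancount": an, "nscount": ns,
            "arcount": ar, "qname": qname, "qtype": qtype, "qclass": qclass}

if __name__ == "__main__":
    seed = build_query("example.com", 1)  # qtype 1 = A; one packet per corpus file
    open("seed_example_com_A.bin", "wb").write(seed)  # constructed file name
    print(decode_query(seed))
```

Each file written this way is one complete DNS message, which is the shape the dns_message_parse corpus directory expects; the decoder reads existing corpus files the same way.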