AFL++ : Combining Incremental Steps of Fuzzing Research
Andrea Fioraldi, Sapienza University of Rome; Dominik Maier, TU Berlin; Heiko Eißfeldt; Marc Heuse, The Hacker's Choice
In this paper, we present AFL++, a community-driven open-source tool that incorporates state-of-the-art fuzzing research, to make the research comparable, reproducible, combinable and - most importantly - useable. It offers a variety of novel features, for example its Custom Mutator API, able to extend the fuzzing process at many stages. With it, mutators for specific targets can also be written by experienced security testers. We hope for AFL++ to become a new baseline tool not only for current, but also for future research, as it allows to test new techniques quickly, and evaluate not only the effectiveness of the single technique versus the state-of-the-art, but also in combination with other techniques. The paper gives an evaluation of hand-picked fuzzing technologies - shining light on the fact that while each novel fuzzing method can increase performance in some targets - it decreases performance for other targets. This is an insight future fuzzing research should consider in their evaluations.
View the full WOOT '20 program at https://www.usenix.org/conference/woot20/workshop-program