SockFuzzer

This repository contains SockFuzzer, a fork of XNU that contains support for fuzzing the network stack in userland on macOS and Linux-based hosts.

Building and Using the Fuzzer

Build the fuzzer the same way you would typically build a project using CMake for your platform. For example:

$ mkdir build; cd build
$ cmake -GNinja ..
$ ninja

You can now run the net_fuzzer binary, optionally providing parameters as described in the libFuzzer documentation.

A Dockerfile is included which shows how to prepare a Debian environment to build the project. Feel free to use this container to build and run the fuzzer.

Extending the Fuzzer

This project is currently an all-in-one fuzzer for XNU networking. You can extend it by adding additional targets to CMakeLists.txt or by extending the existing network target. Nothing about this project specifically prevents the testing of additional non-networking subsystems, so feel free to extend it to test other areas.

Generating and Reviewing Coverage Reports

Coverage reports are an important way to review the quality of the current fuzzer implementation. On Linux, a net_cov binary is generated containing LLVM's source-based code coverage instrumentation.

At the time of writing, the following commands produce an HTML coverage report in the report folder after running all of the testcases in the corpus folder.

./net_cov corpus
llvm-profdata merge -sparse default.profraw -o default.profdata
llvm-cov show -format=html -output-dir=report -instr-profile=default.profdata net_cov
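
The same three steps as a shell function with checks for the usual ways a coverage run goes wrong (empty corpus, no profile written, stale default.profraw). This is an added example, not part of the SockFuzzer repository; the function name, return codes and the NET_COV, LLVM_PROFDATA and LLVM_COV override variables are assumptions of the example.

```shell
#!/bin/sh
# Added example: the README's three coverage commands with failure checks.
# The override variables below are this example's own names.
NET_COV=${NET_COV:-./net_cov}
LLVM_PROFDATA=${LLVM_PROFDATA:-llvm-profdata}
LLVM_COV=${LLVM_COV:-llvm-cov}

# coverage_report CORPUS_DIR REPORT_DIR
# Prints the report's index page on success. Returns 2 for a missing or
# empty corpus, 3 if no raw profile was written, 4 if an LLVM tool failed.
coverage_report() {
    corpus=$1
    report=$2
    # An empty corpus would still produce a report, but one that only
    # reflects start-up code, which is easy to misread as poor coverage.
    if [ ! -d "$corpus" ] || [ -z "$(ls -A "$corpus" 2>/dev/null)" ]; then
        echo "corpus '$corpus' is missing or empty" >&2
        return 2
    fi
    work=$(mktemp -d) || return 4
    # LLVM_PROFILE_FILE redirects the raw profile away from default.profraw,
    # so a stale file from an earlier run is never merged by mistake.
    LLVM_PROFILE_FILE="$work/run.profraw" "$NET_COV" "$corpus" >/dev/null 2>&1 ||
        echo "warning: $NET_COV exited non-zero" >&2
    # The profile is normally written at process exit; a crash can leave none.
    if [ ! -s "$work/run.profraw" ]; then
        echo "no profile written; did a testcase crash $NET_COV?" >&2
        rm -rf "$work"
        return 3
    fi
    rc=0
    { "$LLVM_PROFDATA" merge -sparse "$work/run.profraw" -o "$work/run.profdata" &&
      "$LLVM_COV" show -format=html -output-dir="$report" \
          -instr-profile="$work/run.profdata" "$NET_COV"; } || rc=$?
    rm -rf "$work"
    [ "$rc" -eq 0 ] || return 4
    echo "$report/index.html"
}

# When saved as a script (file name is up to you): sh <script> corpus report
if [ "$#" -eq 2 ]; then
    coverage_report "$1" "$2"
fi
```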

Importing upstream XNU releases

A macOS environment is needed to generate the new files. Unpack the new source tarball, replacing third_party/xnu, then run the make command shown below, updating SDKROOT as needed. Afterwards you can add BUILD/obj/EXPORT_HDRS and BUILD/obj/DEBUG_X86_64 to the git repo. You'll also need to rebase any changes to the original XNU sources. In some cases, the outer CMakeLists.txt must also be updated to reflect new or deleted source paths.

I use an upstream branch to facilitate merging my patches with the upstream changes.

# From inside third_party/xnu
$ make SDKROOT=macosx11.1 ARCH_CONFIGS=X86_64 KERNEL_CONFIGS=DEBUG
$ git add BUILD/obj/EXPORT_HDRS EXTERNAL_HEADERS

Disclaimer

This is not an official Google product.
