Centres: CISPA Helmholtz Center for Information Security
Keywords: Software Engineering, Software Testing, Fuzzing, Secure Software, Automated Test Generation
Scientific community: Software Engineering, Software Testing
Programming Languages: Python, C++
FormatFuzzer – Efficiently Generate High-Quality Binary Inputs
Software has bugs, and catching bugs can involve lots of effort. Fuzzing addresses this problem by automating software testing, specifically by generating tests automatically. Effective fuzzing of programs that process structured binary inputs, such as multimedia files, is a challenging task, since those programs expect a very specific input format. Existing fuzzers, however, are mostly format-agnostic, which makes them versatile, but also ineffective when a specific format is required.
FormatFuzzer is a framework for high-efficiency, high-quality generation and parsing of binary inputs. It takes a binary template that describes the format of a binary input and generates an executable that produces and parses the given binary format. From a binary template for GIF, for instance, FormatFuzzer produces a GIF generator - also known as a GIF fuzzer.
Generators produced by FormatFuzzer are highly efficient, producing thousands of valid test inputs per second - in sharp contrast to mutation-based fuzzers, where the large majority of inputs is invalid. By default, FormatFuzzer operates in black-box settings, but can also integrate with AFL++ to produce valid inputs that also aim for maximum coverage.
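The contrast between format-aware generation and format-agnostic mutation can be seen on a small scale in the following added example, which is not FormatFuzzer code and does not use its binary template syntax. It assumes a deliberately simplified GIF layout (signature, logical screen descriptor, optional global color table, trailer); all function names are hypothetical and all inputs are constructed from a fixed seed.

```python
import random
import struct

SIGNATURES = (b"GIF87a", b"GIF89a")
TRAILER = b"\x3b"

def generate_gif(rng):
    """Format-aware generation: each field is chosen to satisfy the layout."""
    has_gct = rng.random() < 0.5
    size_bits = rng.randint(0, 7)            # table holds 2**(size_bits+1) colors
    packed = (has_gct << 7) | size_bits      # bit 7: global color table present
    out = rng.choice(SIGNATURES) + struct.pack(
        "<HHBBB", rng.randint(1, 0xFFFF), rng.randint(1, 0xFFFF), packed, 0, 0)
    if has_gct:
        out += bytes(rng.randrange(256) for _ in range(3 * 2 ** (size_bits + 1)))
    return out + TRAILER

def parse_gif(data):
    """Parse the same layout; raise ValueError on any structural violation."""
    if len(data) < 14 or data[:6] not in SIGNATURES:
        raise ValueError("bad signature or truncated header")
    width, height, packed, _bg, _aspect = struct.unpack_from("<HHBBB", data, 6)
    n_colors = 2 ** ((packed & 0x07) + 1) if packed & 0x80 else 0
    if data[13 + 3 * n_colors:] != TRAILER:
        raise ValueError("color table length and trailer position disagree")
    return {"width": width, "height": height, "colors": n_colors}

def mutate(seed, rng, n_bytes=3):
    """Format-agnostic mutation: overwrite random bytes of a valid seed."""
    buf = bytearray(seed)
    for _ in range(n_bytes):
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    return bytes(buf)

def valid_fraction(samples):
    ok = 0
    for sample in samples:
        try:
            parse_gif(sample)
            ok += 1
        except ValueError:
            pass
    return ok / len(samples)

def compare(trials=1000, seed=0):
    rng = random.Random(seed)                # fixed seed: constructed, repeatable inputs
    generated = [generate_gif(rng) for _ in range(trials)]
    mutated = [mutate(g, rng) for g in generated]
    return valid_fraction(generated), valid_fraction(mutated)
```

`compare()` returns the fraction of inputs the parser accepts for each strategy; the fields a blind mutation breaks here are the signature, the packed byte that fixes the color table length, and the trailer.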