[Zeek] Persistent fuzzing implementation

Elena Bykovchenko holgrain at protonmail.com
Wed May 27 05:23:06 PDT 2020

Hello. We are trying to implement Zeek fuzzing to find possible bugs in custom protocol analyzer. It seems like a good idea to make it persistent, i.e. start Zeek once and feed it with inputs from fuzzer - it should save a lot of time on initialization, scripts parsing, etc. Persistent fuzzing is usually implemented as a function with input buffer as an argument, like this: https://releases.llvm.org/5.0.0/docs/LibFuzzer.html#fuzz-target
I'm not quite sure how to make it work with Zeek. Current design allows to use either PCAP file or network interface as a packet source, PCAP mode being non-persistent. Does anyone have a guideline for making Zeek able to process input from PCAP files in persistent way? Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20200527/2dd5a9f2/attachment.html 

More information about the Zeek mailing list