[Zeek] Persistent fuzzing implementation

Tim Wojtulewicz tim at corelight.com
Wed May 27 09:04:37 PDT 2020


We actually just added an implementation of fuzzing for use with OSS-Fuzz at the request of Google, including an implementation using LibFuzzer. If you want to take a look at it, it’s mostly contained within the src/fuzzer directory. It currently only supports the POP3 analyzer and a basic packet fuzzer. If you want to add more, please feel free!

Tim

> On May 27, 2020, at 5:23 AM, Elena Bykovchenko <holgrain at protonmail.com> wrote:
> 
> Hello. We are trying to implement Zeek fuzzing to find possible bugs in a custom protocol analyzer. It seems like a good idea to make it persistent, i.e. start Zeek once and feed it with inputs from the fuzzer - it should save a lot of time on initialization, script parsing, etc. Persistent fuzzing is usually implemented as a function with an input buffer as an argument, like this: https://releases.llvm.org/5.0.0/docs/LibFuzzer.html#fuzz-target
> I'm not quite sure how to make it work with Zeek. The current design allows using either a PCAP file or a network interface as a packet source, PCAP mode being non-persistent. Does anyone have a guideline for making Zeek able to process input from PCAP files in a persistent way? Thanks.

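An added illustration of the persistent fuzz-target shape discussed in this thread (not code from Zeek's src/fuzzer directory or from either poster): a libFuzzer-style entry point that performs expensive setup once per process and resets per-input state on every call. `ToyLineAnalyzer`, `InitOnce` and the globals are hypothetical stand-ins for a real protocol analyzer and its initialization.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>

// Hypothetical stand-in for a protocol analyzer; not a Zeek class.
struct ToyLineAnalyzer {
    bool authenticated = false;  // per-connection state
    int commands = 0;            // per-connection state
    void Reset() { authenticated = false; commands = 0; }

    // Counts each command line and tracks a toy "logged in" flag.
    void DeliverLine(const std::string& line) {
        ++commands;
        if (line.rfind("USER ", 0) == 0) authenticated = true;
    }

    // Splits the raw buffer into lines; tolerates a missing final newline.
    void DeliverStream(const uint8_t* data, size_t len) {
        std::string line;
        for (size_t i = 0; i < len; ++i) {
            char c = static_cast<char>(data[i]);
            if (c == '\n') {
                if (!line.empty() && line.back() == '\r') line.pop_back();
                DeliverLine(line);
                line.clear();
            } else {
                line.push_back(c);
            }
        }
        if (!line.empty()) DeliverLine(line);
    }
};

static ToyLineAnalyzer* g_analyzer = nullptr;
static int g_init_count = 0;  // shows that setup runs once per process

// Expensive setup (in a real harness: script parsing, analyzer registration).
static void InitOnce() {
    if (g_analyzer) return;
    g_analyzer = new ToyLineAnalyzer();
    ++g_init_count;
}

// libFuzzer calls this once per generated input, all in the same process.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
    InitOnce();
    g_analyzer->Reset();  // no state may leak over from the previous input
    g_analyzer->DeliverStream(data, size);
    return 0;  // libFuzzer expects 0 here
}
```

Built with `clang++ -fsanitize=fuzzer,address`, libFuzzer supplies `main` and drives the entry point; the `Reset()` call is what keeps crashes reproducible from a single input.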