Brussels / 30 & 31 January 2016


UI event fuzzing via american-fuzzy-lop

using afl to fuzz keyboard input for UI testing LibreOffice


We use american-fuzzy-lop for fuzzing various file formats that LibreOffice supports. Here I demo some amusing hackery to use afl to fuzz a stream of keyboard events in order to attempt to flush out unknown or difficult to reproduce bugs.

American fuzzy lop (http://lcamtuf.coredump.cx/afl/) is a security-oriented fuzzer that employs a novel type of compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the targeted binary.

Typically it's used for file format fuzzing. In this case the file format is a trivially serialized sequence of keystrokes, which lets afl act as an engine that drives the LibreOffice UI and generates test cases that crash LibreOffice via user events.
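As an added illustration of the idea (not code from the talk or from LibreOffice), the following is a minimal keystroke-stream harness: the byte layout is an assumption, chosen so that every byte decodes to exactly one key event and afl never produces an input the harness rejects; the decoded events are replayed into a small mock editor widget standing in for the real UI.

```python
from dataclasses import dataclass, field

# Hypothetical key table and opcodes; the real serialization is not on the page.
KEYS = "abcdefghijklmnopqrstuvwxyz0123456789 "
BACKSPACE, RETURN, TAB = len(KEYS), len(KEYS) + 1, len(KEYS) + 2
N_CODES = len(KEYS) + 3


@dataclass
class KeyEvent:
    code: int      # index into KEYS, or BACKSPACE / RETURN / TAB
    shift: bool
    ctrl: bool


def decode(stream: bytes) -> list:
    """Total decoding: low 6 bits select the key (reduced mod N_CODES),
    bit 6 is Shift, bit 7 is Ctrl. No byte sequence is ever invalid, so
    every mutation afl makes turns into a replayable event sequence."""
    return [KeyEvent((b & 0x3F) % N_CODES, bool(b & 0x40), bool(b & 0x80))
            for b in stream]


@dataclass
class MockEditor:
    """Constructed stand-in for a text widget receiving key events."""
    text: str = ""
    lines: list = field(default_factory=list)

    def key(self, ev: KeyEvent) -> None:
        if ev.code == BACKSPACE:
            self.text = self.text[:-1]
        elif ev.code == RETURN:
            self.lines.append(self.text)
            self.text = ""
        elif ev.code == TAB:
            self.text += "    "
        elif ev.ctrl:
            return  # Ctrl combinations are accepted but ignored by this mock
        else:
            ch = KEYS[ev.code]
            self.text += ch.upper() if ev.shift else ch


def replay(stream: bytes) -> MockEditor:
    """Feed a fuzzer-generated byte stream into the mock UI as key events."""
    editor = MockEditor()
    for ev in decode(stream):
        editor.key(ev)
    return editor
```

In a real setup the replay target would be the instrumented application and afl would supply the stream, with each crash reproducible from the saved input file.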

Speakers

Caolán McNamara
