
Is aflnwe fuzzing every state of the SUT or just the initial one? #5

Open
cristiandaniele opened this issue Sep 5, 2023 · 0 comments

Comments

cristiandaniele commented Sep 5, 2023

aflnwe aims to fuzz stateful systems. Unfortunately, since it restarts the SUT after every iteration, it seems to fuzz only the initial state (for instance, in LightFTP, the state of the SUT before any authentication -- State 0 in the figure).

Also, by printing all the messages received by the LightFTP server, it seems aflnwe cannot explore the state model in depth. Am I missing something?

[Screenshot, 2023-09-05]

These are the state coverage results I obtained on LightFTP:

1. AFLNet

   ```
   Total states discovered: 5 \ 5. State coverage: 100%. Messages sent: 3898
   State: 0 - Hit: 3302
   State: 1 - Hit: 350
   State: 2 - Hit: 49
   State: 3 - Hit: 149
   State: 4 - Hit: 48
   ```

2. aflnwe

   ```
   Total states discovered: 1 \ 5. State coverage: 20%. Messages sent: 1799
   State: 0 - Hit: 1799
   State: 1 - Hit: 0
   State: 2 - Hit: 0
   State: 3 - Hit: 0
   State: 4 - Hit: 0
   ```
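The effect described in this issue, as an added example that is not part of the original post or of either fuzzer: a constructed toy protocol state machine (hypothetical, not LightFTP's real model; State 0 stands for the pre-authentication state) driven once with a restart before every message and once with a whole message sequence per session, reporting per-state hits in the same form as the output quoted above.

```python
import random

# Constructed toy server model (hypothetical, not LightFTP's real state
# machine): each state lists the message that advances it. State 0 is the
# initial, pre-authentication state; states 1..4 are only reachable after
# earlier messages in the same session.
TRANSITIONS = {
    0: {"USER": 1},
    1: {"PASS": 2},
    2: {"PASV": 3},
    3: {"RETR": 4},
    4: {},
}
INITIAL_STATE = 0
MESSAGES = ["USER", "PASS", "PASV", "RETR", "QUIT"]  # the fuzzer's message pool


def step(state, msg):
    """Advance the toy server by one message; unknown messages keep the state."""
    return TRANSITIONS[state].get(msg, state)


def fuzz_restart_each_message(n_iter, rng):
    """Restart-per-input loop (what the issue observes with aflnwe): every
    message is processed by a freshly started SUT, i.e. in the initial state."""
    hits = {s: 0 for s in TRANSITIONS}   # state the server is in when a message is processed
    for _ in range(n_iter):
        state = INITIAL_STATE            # SUT restarted before this iteration
        hits[state] += 1
        step(state, rng.choice(MESSAGES))
    return hits


def fuzz_sequence_per_session(n_iter, seq_len, rng):
    """Sequence-per-session loop (AFLNet style): one session delivers a
    whole message sequence, so later messages reach states set up earlier."""
    hits = {s: 0 for s in TRANSITIONS}
    for _ in range(n_iter):
        state = INITIAL_STATE
        for _ in range(seq_len):
            hits[state] += 1
            state = step(state, rng.choice(MESSAGES))
    return hits


def state_coverage(hits):
    """Summary in the form quoted in the issue: (discovered, total, percent)."""
    discovered = sum(1 for h in hits.values() if h > 0)
    return discovered, len(hits), 100 * discovered // len(hits)
```

With the restart loop only State 0 ever receives a message, which reproduces the 1 / 5 (20%) coverage shown for aflnwe; the sequence loop reaches all five states.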
