<div dir="ltr">Thanks, Daniel, that is also a great idea. I am trying to see if I can get the standard fuzzers like AFL to work for my use case, but if I can't then I will try the idea you suggested. </div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Aug 5, 2021 at 8:39 PM Ed Daniel <<a href="mailto:esdaniel@esdaniel.com">esdaniel@esdaniel.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On 05/08/2021 13:37, Siva Kakarla wrote:<br>
> Hello Everyone,<br>
> <br>
> I am trying to understand and set up a fuzzer for the Bind DNS<br>
> implementation. My current goal is to fuzz the authoritative server with<br>
> queries. <br>
> <br>
> I have looked around and came across different fuzzing engines, but I<br>
> have some trouble and some questions getting it to work. If anyone has<br>
> anything to comment on, please reply, and that would be really helpful.<br>
> <br>
>  1. I configured with <code>CC=/path/to/afl/afl-clang ./configure --enable-fuzzing=afl</code><br>
>     or <code>afl-clang-fast</code> to enable fuzzing. Then, I did make and make install.<br>
>     I then tried fuzzing the <code>named</code> binary with<br>
>     <code>afl-fuzz -i fuzz/dns_message_parse.in -o findings /usr/local/sbin/named -g</code><br>
>     but then it stops immediately, saying<br>
>     <code>the program crashed with one of the test cases provided</code>.<br>
>      1. How to fuzz the <code>named</code> binary with queries?<br>
>      2. How to get the seed input in raw format?<br>
>      3. Honggfuzz<br>
>         <<a href="https://github.com/google/honggfuzz/tree/master/examples/bind" rel="noreferrer" target="_blank">https://github.com/google/honggfuzz/tree/master/examples/bind</a>> seems<br>
>         to fuzz the named binary, but it produced too many files as<br>
>         crash reports within a minute. I have asked about it on<br>
>         their GitHub <<a href="https://github.com/google/honggfuzz/issues/408" rel="noreferrer" target="_blank">https://github.com/google/honggfuzz/issues/408</a>>.<br>
>         Anyone who has worked with Honggfuzz, please reply.<br>
>  2. A separate fuzz folder<br>
>     <<a href="https://gitlab.isc.org/isc-projects/bind9/-/tree/main/fuzz" rel="noreferrer" target="_blank">https://gitlab.isc.org/isc-projects/bind9/-/tree/main/fuzz</a>> contains functions<br>
>     to fuzz small sections of the code. <br>
>      1. Was this created to improve coverage and modularity? (In the<br>
>         sense, can't <code>named</code> be fuzzed directly using the above setup?)<br>
>      2. I could get them running with <code>oss-fuzz</code>, but how to run them<br>
>         with <code>afl-fuzz</code>? The README<br>
>         <<a href="https://gitlab.isc.org/isc-projects/bind9/-/blob/main/fuzz/FUZZING.md" rel="noreferrer" target="_blank">https://gitlab.isc.org/isc-projects/bind9/-/blob/main/fuzz/FUZZING.md</a>> mentions<br>
>         linking the files; can you please tell me how to do that?<br>
>  3. How to decode the packets given<br>
>     in <<a href="https://gitlab.isc.org/isc-projects/bind9/-/tree/main/fuzz/dns_message_parse.in" rel="noreferrer" target="_blank">https://gitlab.isc.org/isc-projects/bind9/-/tree/main/fuzz/dns_message_parse.in</a>>?<br>
>     How to add a new packet to the corpus? (How to convert into a raw<br>
>     packet?)<br>
<br>
Why not re-purpose a password fuzzer, instead of passwords you'd be<br>
spawning FQDNs, which you could pipe to mdig or other dns client?<br>
<br>
bind-users mailing list<br>
<a href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br>
</blockquote></div>
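For the corpus questions in the quoted message (what a raw <code>dns_message_parse.in</code> seed contains, and how to turn a query into one), here is an added example that is not from this thread, BIND or AFL: it encodes a query into RFC 1035 wire format and decodes a message back, following name-compression pointers with a hop limit so a malformed seed cannot loop it. All function names are my own, and the sample response bytes are constructed, not captured.

```python
"""Build and decode raw DNS wire-format messages (RFC 1035 header, question, answer). Added example."""
import struct

def encode_name(name):
    # Wire-format name: length-prefixed labels terminated by a zero byte; "." is the root.
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(name, qtype=1, qid=0x1234, rd=True):
    # Header: ID, flags (only RD set), QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0, then one question.
    flags = 0x0100 if rd else 0
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)  # QCLASS=IN

def decode_name(msg, off):
    # Returns (dotted name, offset just past the name in the message). Follows
    # compression pointers; the hop limit rejects pointer loops in malformed input.
    labels, hops, end = [], 0, None
    while True:
        ln = msg[off]
        if (ln & 0xC0) == 0xC0:               # 2-byte pointer to an earlier name
            if end is None: end = off + 2     # in the message the name occupies only the pointer
            off = ((ln & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16: raise ValueError("compression pointer loop")
            continue
        off += 1
        if ln == 0: break
        labels.append(msg[off:off + ln].decode("ascii")); off += ln
    return ".".join(labels) + ".", (end if end is not None else off)

def decode_message(msg):
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, qclass = struct.unpack("!HH", msg[off:off + 4]); off += 4
        questions.append((name, qtype, qclass))
    for _ in range(an):                       # authority/additional sections not parsed here
        name, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10]); off += 10
        answers.append((name, rtype, ttl, msg[off:off + rdlen])); off += rdlen
    return {"id": qid, "flags": flags, "questions": questions, "answers": answers}

# Constructed sample (not a capture): a response whose answer name is a pointer to offset 12.
SAMPLE_RESPONSE = (b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00\x07example\x03com\x00\x00\x01\x00\x01"
                   b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x0e\x10\x00\x04\x5d\xb8\xd8\x22")
```

Writing `build_query("example.com")` to a file with `open(path, "wb")` gives a seed in the same raw form as the corpus files, and `decode_message(open(path, "rb").read())` shows what an existing seed contains.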