LibAFL is a fuzzing framework written in Rust. Fuzzing is an automated vulnerability detection approach: during the fuzzing process, the fuzzer feeds a large number of invalid, malformed, or unexpected inputs into a target program and observes whether the target raises exceptions. LibAFL splits a fuzzer into different components and provides the essential parts of each component, which makes it possible to write your own customized fuzzer.
As mentioned on the project description page, the goal of the project is to add an AFL-style UI to the TUI monitor. AFL is a popular and classical fuzzing tool with a well-designed TUI. The existing UI of LibAFL is very simple, and users can hardly obtain the information they need from it, so I needed to implement an AFL-style UI that provides more helpful information and helps users see the status of every running fuzzer.
As a result of this project, I have finished the following work. Firstly, I designed the layout of the TUI with my mentor: we dropped many unnecessary entries of AFL's UI and kept the most useful ones. Secondly, I added the four metrics "pending", "pend_fav", "own_finds" and "imported" to LibAFL. These metrics reflect the running status of a fuzzer. Thirdly, I implemented the whole AFL-style UI of LibAFL, which shows not only the overall stats but also the stats of every running fuzzer.
The whole UI is composed of three sections: the overall stats section, the client stats section, and the client log section. They are respectively 20, 14, and 6 lines high.
The four metrics have the following meaning:
- Pending: the number of inputs that have not gone through any fuzzing yet.
- Pend_fav: the number of favored test cases that have not gone through any fuzzing yet.
- Imported: the number of test cases that are imported from other fuzzer instances.
I calculate the four metrics in the stage section of LibAFL.
Here is my PR about this function:
AFLplusplus/LibAFL#1432
I took advantage of the tui-rs library to draw the whole UI. tui-rs is a Rust library for building rich terminal user interfaces and dashboards. Firstly, I connected the UI monitor to the broker, which relays the stats messages from every client fuzzer, so the UI monitor can collect the status information of the running fuzzers. Using those stats, I draw the UI through the API of tui-rs. Here is my PR about this function: AFLplusplus/LibAFL#1432
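To make the metrics and the monitor-side aggregation concrete, here is an added example (not LibAFL's own code, and not the API used in the PR): it models a client corpus with constructed flags, computes pending, pend_fav and imported from it, and shows how a monitor that receives per-client stats from a broker can produce the overall section by summing them. All type and function names here are assumptions; own_finds is left out because the post does not define it.

```rust
use std::collections::BTreeMap;

/// One corpus entry as a single fuzzer instance sees it (constructed model).
#[derive(Clone, Copy)]
pub struct Testcase {
    pub fuzzed: bool,   // has this input gone through at least one fuzzing round?
    pub favored: bool,  // marked as favored by the scheduler
    pub imported: bool, // arrived from another fuzzer instance via the broker
}

/// The three metrics defined in the post, as relayed for one client.
#[derive(Clone, Copy, Default, Debug, PartialEq, Eq)]
pub struct ClientStats {
    pub pending: u64,
    pub pend_fav: u64,
    pub imported: u64,
}

impl ClientStats {
    /// Derive the metrics from a client's corpus, the job the post assigns to the stage.
    pub fn from_corpus(corpus: &[Testcase]) -> Self {
        let mut s = Self::default();
        for t in corpus {
            if !t.fuzzed {
                s.pending += 1;
                if t.favored {
                    s.pend_fav += 1; // pend_fav is a subset of pending
                }
            }
            if t.imported {
                s.imported += 1;
            }
        }
        s
    }
}

/// Monitor side: keeps the latest stats per client id, as a broker would relay them.
#[derive(Default)]
pub struct Monitor {
    clients: BTreeMap<u32, ClientStats>,
}

impl Monitor {
    /// A newer message from the same client replaces its previous stats.
    pub fn update(&mut self, client_id: u32, stats: ClientStats) {
        self.clients.insert(client_id, stats);
    }
    /// Per-client section of the UI.
    pub fn client(&self, id: u32) -> Option<ClientStats> {
        self.clients.get(&id).copied()
    }
    /// Overall section of the UI: the sum over all known clients.
    pub fn overall(&self) -> ClientStats {
        self.clients.values().fold(ClientStats::default(), |a, c| ClientStats {
            pending: a.pending + c.pending,
            pend_fav: a.pend_fav + c.pend_fav,
            imported: a.imported + c.imported,
        })
    }
}
```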
I will implement a demo in the ./fuzzer directory to show users how to build a fuzzer with an AFL-style UI, and write the related documentation.
I am very glad to have taken part in this GSoC project. Through this project, I improved my English communication ability; my poor spoken English made me realize that mastering a foreign language is very important. Meanwhile, I learned a new programming language, Rust, and became familiar with the framework of LibAFL. All in all, I have benefited a lot from this project. Finally, I want to thank my mentors; they helped me a lot!
I also implemented some functional extensions and fixed some bugs during the project, such as: AFLplusplus/LibAFL#1248