Running Fuzz Jobs

The Jobs Tab

When viewing a specific protocol project, click the Jobs tab for a listing of all historical fuzz jobs. If a job is currently running, there will be a section at the top of the page with a direct link to the currently running fuzz job.

Starting a New Job

Click the Start Job button in the top right of the tab to create a new fuzz job. This will pop open a new window that will check if the Fuzzbuzz CLI is alive, and attempt to make a connection to the target under test. If it is able to connect, the Start Job button will become enabled.

This window displays a few key configuration options:

  • Job Duration: we recommend at least 12-24 hours to ensure enough breadth across the potential input space of your program
  • Random Seed: use this to seed the random generation of the fuzzer. You can copy random seeds from previous fuzz runs which, when paired with the same Grammar, will produce the same input sequence as a previous run. This can be useful for reproducing complex stateful bugs
  • Mutate Data Structure: if turned on, the fuzzer will mutate generated inputs with no regard for the structure defined in the chosen Grammar. Only set this switch to true if you are certain that this is a valid use-case for your software

Once you have chosen your options, press Start Job to begin fuzzing. You will then be taken to the detailed job view.

Detailed Job View

After selecting a specific job, you will be presented with the detailed job screen.

The blue stats bar at the very top of the screen contains, in order, the elapsed and remaining time of the job, the number of tests executed per second, the total number of tests executed so far, the number of bugs found, and the current run's random seed. Use this random seed to reproduce a previous test run's input sequence.

Below the stats bar, you will find a View Current Input dropdown. Clicking this will show you a live stream of the most recent input sent to the system under test, updated every second. You can use this to get an understanding of the types of inputs the fuzzer is generating. If you would like to collect a full sequence of every single input run through your tool, we suggest you create this yourself by having the software under test log every input it receives to a file.
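One way to have the software under test log every input it receives, shown as an added example that is not part of Fuzzbuzz or its documentation. The names `InputLog`, `logged` and `read_inputs`, the JSON-lines layout and the handler signature `(data, peer)` are assumptions made for illustration. Each input is written and synced to disk before the target parses it, so the input that crashes the process is still the last entry in the file.

```python
import json
import os
import time


class InputLog:
    """Append-only record of every input the target receives, in arrival order."""

    def __init__(self, path):
        # Hypothetical log path. O_APPEND lets a restarted target add to the
        # same file; seq starts again at 1 for each new process.
        self._fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600)
        self._seq = 0

    def record(self, data: bytes, peer: str = "") -> int:
        self._seq += 1
        line = json.dumps({
            "seq": self._seq,
            "ts": time.time(),
            "peer": peer,
            "len": len(data),
            "hex": data.hex(),   # hex keeps binary and malformed input intact
        }) + "\n"
        os.write(self._fd, line.encode("ascii"))
        os.fsync(self._fd)       # on disk before parsing, so a crash keeps it
        return self._seq

    def close(self):
        os.close(self._fd)


def logged(handler, log):
    """Wrap the target's input handler so each input is logged before it runs."""
    def wrapper(data: bytes, peer: str = ""):
        log.record(data, peer)
        return handler(data, peer)
    return wrapper


def read_inputs(path):
    """Return the logged inputs as bytes, in the order they were received."""
    out = []
    with open(path, "r", encoding="ascii") as fh:
        for line in fh:
            try:
                out.append(bytes.fromhex(json.loads(line)["hex"]))
            except (ValueError, KeyError):
                break            # torn final line from a crash mid-write
    return out
```

The per-input `fsync` slows the target down, so enable the log for reproduction runs rather than for every long job.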

Below the current input view, you will find a table containing all the bugs discovered by the fuzzer. Head to the Reproducing Bugs section to learn more about how to manage bugs found using Fuzzbuzz.
