Running Fuzz Jobs
The Jobs Tab
When viewing a specific protocol project, click the Jobs tab for a listing of all historical fuzz jobs. If a job is currently running, a section at the top of the page links directly to the running fuzz job.
Starting a New Job
Click the Start Job button in the top right of the tab to create a new fuzz job. This opens a new window that checks whether the Fuzzbuzz CLI is alive and attempts to connect to the target under test. If the connection succeeds, the Start Job button becomes enabled.
This window displays a few key configuration options:
Job Duration: we recommend at least 12-24 hours to ensure enough breadth across the potential input space of your program.
Random Seed: use this to seed the random generation of the fuzzer. You can copy a random seed from a previous fuzz run which, when paired with the same Grammar, will produce the same input sequence as that run. This is useful for reproducing complex stateful bugs.
Mutate Data Structure: if turned on, the fuzzer will mutate generated inputs with no regard for the structure defined in the chosen Grammar. Only set this switch to true if you are certain that this is a valid use-case for your software.
Once you have chosen your options, press Start Job to begin fuzzing; you will be taken to the detailed job view.
Detailed Job View
After selecting a specific job, you will be presented with the detailed job screen.
The blue stats bar at the very top of the screen contains, in order, the elapsed and remaining time of the job, the amount of tests executed per second, the total number of tests executed so far, the number of bugs found, and the current run's random seed. Use this random seed to reproduce a previous test run's input sequence.
Below the stats bar, you will find a View Current Input dropdown. Clicking this shows a live stream of the most recent input sent to the system under test, updated every second. You can use this to get an understanding of the types of inputs the fuzzer is generating. If you would like to collect the full sequence of every input run through your tool, we suggest you create this yourself by having the software under test log every input it receives to a file.
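The following is an added example (not Fuzzbuzz code, and the log format is our own assumption) of the input logging suggested above: a stand-in request handler that appends every input it receives to a file before processing it, with each record flushed and fsync'ed so that the input which crashes the target is still on disk, and a reader that reconstructs the exact byte sequence afterwards. The toy protocol and the sample inputs are constructed for the example.

```python
import binascii
import os
import tempfile
import time
from typing import List


class InputLogger:
    """Append every input the target receives to `path`, one record per line.

    Record format (an assumption for this example, not a Fuzzbuzz format):
        <sequence number>\t<unix time in ms>\t<hex of the raw bytes>
    Hex keeps binary inputs (NUL bytes, newlines, invalid UTF-8) on one line.
    Each record is flushed and fsync'ed, so if input N crashes the target,
    inputs 1..N are still on disk for reproduction.
    """

    def __init__(self, path: str) -> None:
        self.path = path
        self.seq = 0
        self._fh = open(path, "a", encoding="ascii")

    def record(self, payload: bytes) -> int:
        self.seq += 1
        stamp = int(time.time() * 1000)
        hexdata = binascii.hexlify(payload).decode("ascii")
        self._fh.write(f"{self.seq}\t{stamp}\t{hexdata}\n")
        self._fh.flush()
        os.fsync(self._fh.fileno())
        return self.seq

    def close(self) -> None:
        self._fh.close()


def read_input_log(path: str) -> List[bytes]:
    """Reconstruct the exact byte sequence the target saw, in file order."""
    inputs: List[bytes] = []
    with open(path, "r", encoding="ascii") as fh:
        for line in fh:
            line = line.rstrip("\n")
            if not line:
                continue
            _seq, _stamp, hexdata = line.split("\t")
            inputs.append(binascii.unhexlify(hexdata))
    return inputs


def handle_request(payload: bytes, logger: InputLogger) -> bytes:
    """Stand-in for the system under test's request handler.

    The log call comes first, before any parsing, so a malformed message
    that crashes the parser is still recorded.
    """
    logger.record(payload)
    # Constructed toy protocol: two commands, anything else is an error.
    if payload.startswith(b"ECHO "):
        return payload[5:]
    if payload == b"PING":
        return b"PONG"
    return b"ERR"


def run_session(path: str, inputs: List[bytes]) -> List[bytes]:
    """Feed an input sequence through the handler, then return the inputs
    recovered from the log file (a second session appends to the same file)."""
    logger = InputLogger(path)
    try:
        for msg in inputs:
            handle_request(msg, logger)
    finally:
        logger.close()
    return read_input_log(path)


# Constructed sample inputs, including one with NUL, newline and non-UTF-8 bytes.
SAMPLE_INPUTS = [b"PING", b"ECHO hello", b"\x00\n\xff\x00", b"BAD"]


def demo_roundtrip() -> List[bytes]:
    """Log SAMPLE_INPUTS to a temporary file and return what the log gives back."""
    with tempfile.TemporaryDirectory() as tmpdir:
        return run_session(os.path.join(tmpdir, "inputs.log"), SAMPLE_INPUTS)


if __name__ == "__main__":
    recovered = demo_roundtrip()
    print(len(recovered), "inputs recovered, identical:", recovered == SAMPLE_INPUTS)
```

Pointing the logger at a file on persistent storage (rather than the temporary directory used in the demo) gives you a complete, replayable record of the run that the View Current Input stream does not keep.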
Below the current input view, you will find a table containing all the bugs discovered by the fuzzer. Head to the Reproducing Bugs section to learn more about how to manage bugs found using Fuzzbuzz.