{"id":18345,"date":"2021-09-24T10:09:00","date_gmt":"2021-09-24T10:09:00","guid":{"rendered":"https:\/\/kalilinuxtutorials.com\/?p=18345"},"modified":"2021-09-19T03:36:00","modified_gmt":"2021-09-19T03:36:00","slug":"autoharness","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/autoharness\/","title":{"rendered":"Autoharness : A Tool That Automatically Creates Fuzzing Harnesses Based On A Library"},"content":{"rendered":"\n

AutoHarness<\/strong> is a tool that automatically generates fuzzing harnesses for you. This idea stems from a concurrent problem in fuzzing codebases today: large codebases have thousands of functions and pieces of code that can be embedded fairly deep into the library. It is very hard or sometimes even impossible for smart fuzzers to reach that codepath. Even for large fuzzing projects such as oss-fuzz, there are still parts of the codebase that are not covered in fuzzing. Hence, this program tries to alleviate this problem in some capacity as well as provide a tool that security researchers can use to initially test a code base. This program only supports code bases which are coded in C and C++.<\/p>\n\n\n\n

<\/a>Setup\/Demonstration<\/strong><\/p>\n\n\n\n

This program utilizes llvm and clang for libfuzzer, Codeql for finding functions, and python for the general program. This program was tested on Ubuntu 20.04 with llvm 12 and python 3. Here is the initial setup.<\/p>\n\n\n\n

sudo apt-get update;
sudo apt-get install python3 python3-pip llvm-12* clang-12 git;
pip3 install pandas lief subprocess os argparse ast;<\/strong><\/p>\n\n\n\n

Follow the installation procedure for Codeql on https:\/\/github.com\/github\/codeql. Make sure to install the CLI tools and the libraries. For my testing, I have stored both the tools and libraries under one folder. Finally, clone this repository or download a release. Here is the program’s output after running on nginx with the multiple argument mode set. This is the command I used.<\/p>\n\n\n\n

python3 harness.py -L \/home\/akshat\/nginx-1.21.0\/objs\/ -C \/home\/akshat\/codeql-h\/ -M 1 -O \/home\/akshat\/autoharness\/ -D nginx -G 1 -Y 1 -F “-I \/home\/akshat\/nginx-1.21.0\/objs -I \/home\/akshat\/nginx-1.21.0\/src\/core -I \/home\/akshat\/nginx-1.21.0\/src\/event -I \/home\/akshat\/nginx-1.21.0\/src\/http -I \/home\/akshat\/nginx-1.21.0\/src\/mail -I \/home\/akshat\/nginx-1.21.0\/src\/misc -I \/home\/akshat\/nginx-1.21.0\/src\/os -I \/home\/akshat\/nginx-1.21.0\/src\/stream -I \/home\/akshat\/nginx-1.21.0\/src\/os\/unix” -X ngx_config.h,ngx_core.h<\/strong><\/p>\n\n\n\n

Results<\/strong><\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

It is definitely possible to raise the success by further debugging the compilation and adding more header files and more. Note the nginx project does not have any shared objects after compiling. However, this program does have a feature that can convert PIE executables into shared libraries.<\/p>\n\n\n\n

<\/a>Planned Features (in order of progress)<\/strong><\/p>\n\n\n\n