Dynamic testing of software, such as fuzzing, requires developing an application-specific harness that provides inputs on all the input channels the software expects. Today's state-of-the-art mutational fuzzing is also much more effective when it starts with sample inputs, or seeds, that exercise some of the software's behavior.
Collecting good seed inputs requires an in-depth understanding of the application, while writing harnesses requires reverse-engineering and software-development expertise. Bindle eliminates these barriers, making dynamic testing much easier and faster to deploy. The tool's initial focus is on Linux applications.
Bindle collects seed inputs and generates harnesses automatically by learning from the tester simply running the software, as follows:
The following video demonstrates the usage of Bindle to harness an application for fuzz testing.
This material is based upon work supported by the Air Force, Army, DIU and DARPA under Contract(s) No. W15QKN-18-9-1013 and HR0011-18-C-0061. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the Air Force, Army, DIU or DARPA.