Protocol Fuzzer Skill

Expert skill for protocol fuzzing, vulnerability discovery, and security testing of network protocols.

Capabilities

• Fuzzer Configuration: Configure AFL++, libFuzzer, boofuzz, and Peach Fuzzer
• Mutation Strategy Design: Generate effective mutation strategies for different protocols
• Coverage Analysis: Analyze code coverage and crash reports
• Grammar Definition: Create protocol grammar definitions for structured fuzzing
• Vulnerability Detection: Detect crash patterns, memory corruption, and security vulnerabilities
• Test Case Generation: Generate reproducible test cases from fuzzing results
• Crash Triage: Analyze and deduplicate crash reports
• Security Reporting: Generate security vulnerability reports

Tools and Dependencies

• AFL++ - American Fuzzy Lop Plus Plus
• libFuzzer - LLVM-based in-process fuzzer
• boofuzz - Network protocol fuzzer (Sulley successor)
• Peach Fuzzer - Smart fuzzing framework
• radamsa - General-purpose fuzzer
• honggfuzz - Security-oriented fuzzer

Target Processes

• protocol-fuzzer.js
• binary-protocol-parser.js
• network-testing-framework.js

Usage Examples

Boofuzz Protocol Fuzzing

from boofuzz import *

session = Session(target=Target(connection=TCPSocketConnection("127.0.0.1", 8080)))
s_initialize("HTTP Request")
s_string("GET", fuzzable=False)
s_delim(" ", fuzzable=False)
s_string("/", name="path")
s_static("\r\n\r\n")
session.connect(s_get("HTTP Request"))
session.fuzz()

AFL++ Instrumented Fuzzing

afl-fuzz -i input_corpus -o findings -M main -- ./target @@
afl-cov -d findings --coverage-cmd "./target AFL_FILE" --code-dir src/

Crash Analysis

afl-analyze -i crash_file -- ./target @@

Quality Gates

• Coverage threshold achieved
• No critical vulnerabilities found
• All crashes triaged
• Reproducible test cases generated
• Security report completed