Abstract

Directed Greybox Fuzzing (DGF) has proven effective in vulnerability detection, such as bug reproduction and patch testing. Despite this, existing directed fuzzers are often complex monolithic tools that lack modularity and have limited binary support. This constrains their usability on complex software or when the source code is unavailable; a complexity encountered when fuzzing embedded systems. In this thesis, we address these limitations by introducing the Directed Fuzzing Toolkit (DRIFT) as a foundational platform for directed fuzzing within the modular framework of LibAFL. DRIFT modularizes techniques from the state-of-the-art directed fuzzer AFLGo and adapts them for binary applications across CPU architectures. This design augments fuzzers built on top of LibAFL with directed fuzzing capabilities at the binary level thereby enhancing the applicability of DGF on a variety of targets and facilitating the adaptation of these techniques for IoT fuzzing. Our evaluation of DRIFT shows a 90% correlation in distance metric computation over binary over multiple architectures compared to its source-code counterpart. Fuzzing performance was also notable despite operating over emulation. In benchmarks, DRIFT’s performance exceeds the original fuzzer with doubled bug discovery rates and 9-40x faster exploitation times. This accomplishment is attributed to the advantages conferred by our toolkit’s modular design and its native integration with LibAFL. Additionally, DRIFT introduces a profiling platform for directed fuzzing metrics and seamless integration with the Magma benchmark. Together, these features position it as a practical advancement in directed fuzzing within LibAFL.