Fuzzing & Triage Platform

The Fuzzing & Triage Platform demonstrates the integration of Reven with fuzzers.

The platform monitors a directory for input files that lead to crashes (crash files), records and replays each of them in Reven, classifies the crash using the Reven trace, and assigns it a unique identifier. This identifier makes it possible to tell whether several files in the directory lead to the same crash.

Warning: The fuzzing platform is not shipped with this version of esReven. Please contact support at support.esreven@eshard.com if you want to use it.

Outline of the platform

The way the platform works can be summarized with the following diagram:

Fuzzing platform step diagram

The platform can watch any directory for crash files. For each crash file appearing in the watched directory, the executor component of the platform runs the following steps:

  1. Record a fresh Reven scenario from the test harness + the input file causing the crash
  2. Replay the recorded scenario
  3. Analyze the replayed scenario
    1. Find the crash point
    2. Find the origin of the data causing the crash
    3. Further minimize the number of "unique crashes"

The current status and the final report for each crash file can be monitored live in the visualizer view, a web page locally served by the platform.
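The classification step above is what turns many crash files into a small set of "unique crashes". The following is an added example of that bucketing idea, not code from the platform: it assumes a hypothetical report shape (crashing module, module load address, faulting address, fault kind, and the chain of functions the crashing data came from), normalizes the address to a module-relative offset so that two recordings of the same bug under different load addresses share an identifier, and groups files by that identifier. The sample reports are constructed for the example.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List

# Hypothetical report shape: what the "find the crash point" and "find the
# origin of the data" steps could yield for one crash file. These fields are
# assumptions for this example, not the platform's actual report format.
@dataclass
class CrashReport:
    crash_file: str            # name of the input file in the watched directory
    module: str                # module containing the faulting instruction
    module_base: int           # load address of that module in this recording
    crash_address: int         # absolute address of the faulting instruction
    fault_kind: str            # e.g. "read-av" or "write-av"
    origin_chain: List[str] = field(default_factory=list)  # "module!function" entries, innermost first


def crash_id(report: CrashReport, depth: int = 3) -> str:
    """Stable identifier for a crash.

    Uses the module-relative offset (so ASLR does not split one bug into
    several buckets), the fault kind, and the first `depth` entries of the
    data-origin chain, then hashes them into a short hex identifier.
    """
    rva = report.crash_address - report.module_base
    parts = [report.module.lower(), f"{rva:#x}", report.fault_kind] + report.origin_chain[:depth]
    return hashlib.sha256("|".join(parts).encode("utf-8")).hexdigest()[:16]


def group_crash_files(reports: List[CrashReport]) -> Dict[str, List[str]]:
    """Map each crash identifier to the crash files that produced it."""
    buckets: Dict[str, List[str]] = {}
    for report in reports:
        buckets.setdefault(crash_id(report), []).append(report.crash_file)
    return buckets


# Constructed sample data: two recordings of the same bug under different
# module load addresses, plus one distinct crash.
SAMPLE_REPORTS = [
    CrashReport("id_000001", "target.exe", 0x7FF6A0000000, 0x7FF6A0012345, "read-av",
                ["target.exe!parse_header", "target.exe!read_input"]),
    CrashReport("id_000007", "target.exe", 0x7FF7B0000000, 0x7FF7B0012345, "read-av",
                ["target.exe!parse_header", "target.exe!read_input"]),
    CrashReport("id_000012", "target.exe", 0x7FF6A0000000, 0x7FF6A0020000, "write-av",
                ["target.exe!copy_payload"]),
]

if __name__ == "__main__":
    for identifier, files in group_crash_files(SAMPLE_REPORTS).items():
        print(identifier, files)
```

With the sample data, the first two files land in one bucket and the third in another, which is the "same crash multiple times" situation the identifier is meant to detect. How many origin-chain entries to include (`depth`) is a trade-off: too few merges distinct bugs that crash at the same instruction, too many splits one bug by the path taken to reach it.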

Supported workflows

Currently, only Windows x64 binaries are supported for analysis. This leaves two supported workflows for using the platform:

  1. Fuzzing under Windows, placing the crashing input files in a directory shared with the platform, and recording/replaying/analyzing the crashes under Windows.
  2. Fuzzing under Linux, and recording/replaying/analyzing the crashes under Windows. This latter workflow requires that the target can be compiled for both Windows and Linux.