Script fuzzing with an attacker’s mind-set

Abstract

Attackers primarily target memory corruption vulnerabilities inside script engine-hosting application, e.g. web browsers or most PDF viewers. Such applications are widely popular, and the discovery of vulnerabilities made by attackers ahead of security researchers diminishes the trustworthiness of their deployment. Typically, fuzzers are employed to generate unexpected inputs, with the aim of crashing applications and exposing errors. State-of-the-art fuzzers produce random byte sequences that comply with file/protocol formats. In the case of script fuzzers, random inputs need to constitute strings that are parse-able statements with respect to the scripting language used [1]. However, focusing solely on syntax-based randomness does not reflect the attacker’s mind-set, as generated inputs are not optimized for narrowing in on vulnerabilities. A demand exists for smarter fuzzers in order to accelerate the process of finding exploitable errors.