FMViz: Visualizing Tests Generated by AFL at the Byte-level

TL;DR

FMViz is a visualization tool that enhances understanding of AFL fuzzing by illustrating byte-level mutations and test input evolution, aiding developers and students in comprehending fuzzing processes.

Contribution

This paper introduces FMViz, a novel visualization tool that extends AFL to display byte-level mutations and test input changes during fuzzing campaigns.

Findings

FMViz effectively visualizes byte-level mutations in AFL.

The tool helps users understand fuzzing behavior better.

Open-source availability encourages adoption and further development.

Abstract

Software fuzzing is a strong testing technique that has become the de facto approach for automated software testing and software vulnerability detection in the industry. The random nature of fuzzing makes monitoring and understanding the behavior of fuzzers difficult. In this paper, we report the development of Fuzzer Mutation Visualizer (FMViz), a tool that focuses on visualizing byte-level mutations in fuzzers. In particular, FMViz extends American Fuzzy Lop (AFL) to visualize the generated test inputs and highlight changes between consecutively generated seeds as a fuzzing campaign progresses. The overarching goal of our tool is to help developers and students comprehend the inner-workings of the AFL fuzzer better. In this paper, we present the architecture of FMViz, discuss a sample case study of it, and outline the future work. FMViz is open-source and publicly available at https://github.com/AftabHussain/afl-test-viz.