Fuzzers have a lot of advantages and disadvantages. One of the disadvantages is long execution time. To produce accurate results we need to cover as much code as possible with fuzzing, which in the worst case means billions of requests. Add to that the time required to complete each iteration, including generating it.
With block fuzzers such as SPIKE or Sulley it is common to generate sets of different iterations, for example:
- Iteration set 1: "/" * n
- Iteration set 2: "../" * n
- Iteration set 3: ".." * n
Where n is an integer. Generating such sets, even in bytecode-based languages, is not very time consuming until we need to fuzz not one but multiple targets. In that case it may be worth storing all sets after the initial generation (assuming they need no modification). Memory for storing the sets should not be an issue, but keep in mind that a single request may require a few megabytes.
So how can we optimize fuzzer execution time? There are a couple of obvious and simple answers:
- Use threads or subprocesses
- Generate request sets once and reuse them without modification, or with as few changes as possible. Keep in mind that slicing in Python can be a costly operation.
- Deploy an internal cache mechanism for serving repeatable actions
- Optimize the connection and the request-sending method
- Other
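The following is an added example written for this note, not SPIKE's or Sulley's own code. It puts the points above together in a small driver: the three iteration sets are generated once as immutable bytes and shared read-only across every target, the per-target header that never changes between iterations is served from a cache, requests are assembled with a single join rather than by slicing a template, and targets are processed on a thread pool. The block names, the `send` callback, `total_size` and the host names are assumptions made for the example.

```python
"""Illustrative block-fuzzer driver written for this note (not SPIKE's or
Sulley's own code). Iteration sets are built once and shared; per-host
pieces are cached; requests are joined, not sliced; targets run in threads.
Block names, the `send` callback and the host names are assumptions."""
from concurrent.futures import ThreadPoolExecutor
from functools import lru_cache
from typing import Callable, Dict, List

# The three iteration sets from the post: each is a block repeated n times.
BLOCKS: Dict[str, bytes] = {
    "set1_slash": b"/",
    "set2_dotdotslash": b"../",
    "set3_dotdot": b"..",
}


def build_iteration_sets(max_n: int) -> Dict[str, List[bytes]]:
    """Generate block * n for n = 1..max_n, for every block, exactly once.
    The payloads are immutable bytes, so the dict can be shared between
    threads without copying."""
    return {name: [block * n for n in range(1, max_n + 1)]
            for name, block in BLOCKS.items()}


def total_size(sets: Dict[str, List[bytes]]) -> int:
    """Bytes held by the stored sets; a sanity check before keeping large
    sets resident, since a single case can already be megabytes."""
    return sum(len(p) for iterations in sets.values() for p in iterations)


@lru_cache(maxsize=None)
def host_header(host: str) -> bytes:
    """Per-target header that is identical for every iteration: encoded once
    per host, then served from the cache on every later request."""
    return b"Host: " + host.encode("ascii") + b"\r\n"


def build_request(payload: bytes, host: str) -> bytes:
    """Assemble the request with one join instead of slicing a template."""
    return b"".join((b"GET /", payload, b" HTTP/1.1\r\n",
                     host_header(host), b"\r\n"))


def fuzz_target(host: str, sets: Dict[str, List[bytes]],
                send: Callable[[str, bytes], None]) -> int:
    """Run every stored iteration against one host; returns the case count."""
    count = 0
    for iterations in sets.values():
        for payload in iterations:
            send(host, build_request(payload, host))
            count += 1
    return count


def fuzz_many(targets: List[str], max_n: int,
              send: Callable[[str, bytes], None] = lambda host, req: None,
              workers: int = 4) -> Dict[str, int]:
    """Generate the sets once, then fuzz all targets concurrently."""
    sets = build_iteration_sets(max_n)          # generated a single time
    with ThreadPoolExecutor(max_workers=workers) as pool:
        counts = list(pool.map(lambda host: fuzz_target(host, sets, send),
                               targets))
    return dict(zip(targets, counts))


if __name__ == "__main__":
    # Constructed sample run: two hypothetical hosts, n up to 4, no-op sender.
    print(fuzz_many(["alpha.test", "beta.test"], max_n=4))
```

The default `send` is a no-op so the block runs offline; a real driver would pass a callback that owns a persistent connection per host, which is where the "optimize connection and sending method" point applies.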
