Generating Test Inputs and Interactions with the Fandango Fuzzer

Random test input generators (fuzzers) have become the prime detectors of vulnerabilities in software. While generic fuzzers easily adapt to arbitrary programs under test, they offer few possibilities to control or shape the generated inputs. In this talk, I present the Fandango test generator for comprehensive generation of complex test inputs and interactions. Fandango combines grammars with predicates over input elements to produce inputs that satisfy all the given predicates. Examples of what such predicates can express include

  • input format constraints ("The length field should be equal to the length of the payload")
  • code features ("Any variable used must be declared beforehand")
  • statistical distributions ("Across all inputs, the voltage field must follow a Gaussian distribution, but never exceed 20 mV")
  • data collections ("The credit-card-number field should come from the Python faker library")
  • and – all new – protocols ("After a HELO command, send a 221 response")

Fandango efficiently produces complex file formats and demanding interactions, up to full-fledged programming languages or SSL certificates. This opens the door towards personalized fuzzing, where testers can make use of their own knowledge and LLM knowledge to very effectively fuzz systems. Includes live demos!
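The core idea above (a grammar that defines the input structure, predicates over its elements, and a generator that searches for inputs satisfying every predicate at once) as an added example in plain Python. This is toy code written for this page, not Fandango's implementation or its specification format: the length-prefixed message grammar, the `length_matches` and `payload_starts_with_a` predicates, and the minimal mutate-and-select search loop are all constructed here for illustration. Predicates return a distance rather than a plain True/False, so the search can tell an input that is almost right from one that is far off; that is the difference between guided generation and blind generate-and-filter.

```python
import random
from typing import Callable, Dict, List, Optional, Tuple

# A derivation tree is (symbol, children); terminals have an empty child list.
Tree = Tuple[str, list]

# Constructed toy grammar for a length-prefixed message such as "3:abc".
# Written for this example; it is not one of Fandango's own specifications.
GRAMMAR: Dict[str, List[List[str]]] = {
    "<start>": [["<msg>"]],
    "<msg>": [["<len>", ":", "<payload>"]],
    "<len>": [["<digit>"], ["<digit>", "<digit>"]],
    "<payload>": [["<char>"], ["<char>", "<payload>"]],
    "<digit>": [[d] for d in "0123456789"],
    "<char>": [[c] for c in "abcxyz"],
}
MAX_DEPTH = 12  # beyond this depth only the shortest alternatives are used


def is_nonterminal(sym: str) -> bool:
    return sym.startswith("<") and sym.endswith(">")


def expand(sym: str, rng: random.Random, depth: int = 0) -> Tree:
    """Randomly expand `sym` into a derivation tree (plain grammar-based generation)."""
    if not is_nonterminal(sym):
        return (sym, [])
    alts = GRAMMAR[sym]
    if depth >= MAX_DEPTH:  # force termination of recursive rules
        cost = [sum(is_nonterminal(s) for s in alt) for alt in alts]
        alts = [alt for alt, c in zip(alts, cost) if c == min(cost)]
    return (sym, [expand(s, rng, depth + 1) for s in rng.choice(alts)])


def to_string(tree: Tree) -> str:
    sym, children = tree
    return sym if not children else "".join(to_string(c) for c in children)


def first(tree: Tree, sym: str) -> Optional[Tree]:
    """Outermost (pre-order first) subtree rooted at `sym`, or None."""
    if tree[0] == sym:
        return tree
    for child in tree[1]:
        hit = first(child, sym)
        if hit is not None:
            return hit
    return None


# A constraint maps a tree to its distance from being satisfied; 0 means satisfied.
Constraint = Callable[[Tree], int]


def length_matches(tree: Tree) -> int:
    """The abstract's example: the length field must equal the payload length."""
    declared = int(to_string(first(tree, "<len>")))
    actual = len(to_string(first(tree, "<payload>")))
    return abs(declared - actual)


def payload_starts_with_a(tree: Tree) -> int:
    """A second, independent predicate, so that all predicates must hold at once."""
    return 0 if to_string(first(tree, "<payload>")).startswith("a") else 1


CONSTRAINTS: List[Constraint] = [length_matches, payload_starts_with_a]


def fitness(tree: Tree, constraints: List[Constraint]) -> int:
    return sum(c(tree) for c in constraints)


def subtrees(tree: Tree) -> List[Tree]:
    out = [tree] if is_nonterminal(tree[0]) else []
    for child in tree[1]:
        out.extend(subtrees(child))
    return out


def mutate(tree: Tree, rng: random.Random) -> Tree:
    """Re-expand one randomly chosen nonterminal subtree, keeping the rest intact."""
    target = rng.choice(subtrees(tree))

    def rebuild(t: Tree) -> Tree:
        if t is target:
            return expand(t[0], rng)
        return (t[0], [rebuild(c) for c in t[1]])

    return rebuild(tree)


def solve(constraints: List[Constraint], seed: int = 0,
          population: int = 40, generations: int = 300) -> str:
    """Minimal mutate-and-select search for an input whose constraint distance is 0."""
    rng = random.Random(seed)
    pop = [expand("<start>", rng) for _ in range(population)]
    for _ in range(generations):
        pop.sort(key=lambda t: fitness(t, constraints))
        if fitness(pop[0], constraints) == 0:
            return to_string(pop[0])
        survivors = pop[: population // 2]
        pop = survivors + [mutate(rng.choice(survivors), rng) for _ in survivors]
    raise RuntimeError("no input satisfying all constraints found")


if __name__ == "__main__":
    print(solve(CONSTRAINTS))  # e.g. "3:abc"; the exact string depends on the seed
```

Running `solve(CONSTRAINTS)` yields a message whose declared length matches its payload and whose payload starts with `a`; swapping in a different `GRAMMAR` and `CONSTRAINTS` list is all that is needed to target another format, which is the "specify the format, let the generator do the rest" workflow the talk describes.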

Takeaways

After this talk, you will

  • be able to specify and test simple formats for inputs and interactions
  • use these to produce comprehensive sets of inputs and interactions for testing
  • understand the cost/benefit ratio of specification-based testing.

Learn more: Fandango is available at https://fandango-fuzzer.github.io/ (see also fuzzingbook.org, Andreas Zeller's online book on fuzzing and test generation).