    Comparing Fuzzers on a Level Playing Field with FuzzBench

    Fuzzing is a testing approach commonly used in industry to discover bugs in a given software under test (SUT). It consists of running the SUT iteratively with randomly generated (or mutated) inputs, in order to find as many inputs as possible that make the SUT crash. Many fuzzers have been proposed to date; however, no consensus has been reached on how to properly evaluate and compare fuzzers. In this work we evaluate and compare nine prominent fuzzers by carrying out a thorough empirical study based on an open-source framework developed by Google, namely FuzzBench, and a manually curated benchmark suite of 12 real-world software systems. The results show that honggfuzz and AFL++ are, in that order, the best choices in terms of general-purpose fuzzing effectiveness. The results also show that none of the fuzzers outperforms the others in terms of efficiency across all considered metrics, that no particular bug affinity is found for any fuzzer, and that the correlation found between coverage and number of bugs depends more on the SUT than on the fuzzer used.

    Onion Spoofing: a Novel Technique for Observing Exit Node Traffic for Correlation Attacks

    Tor is a tool used by 2,000,000 users every day for anonymous internet activity such as anonymous web browsing. But Tor’s suitability for web browsing is not only a cause of its popularity; it is also the cause of its biggest weakness. Because Tor is fast enough for web browsing, it is vulnerable to traffic correlation. Traffic correlation is an attack on anonymity in which an attacker observing both ends of a victim’s Tor connection can determine that both of these ends are “correlated”, thus revealing who the victim is communicating with. This revelation makes the victim’s communication no longer anonymous. Past research has shown that Tor nodes, Autonomous Systems (ASes), and Internet Exchange Points (IXPs) can perform correlation attacks. In this paper we introduce “Onion Spoofing”, an attack that uses DNS spoofing to intercept and observe traffic sent out of Tor by exit nodes. We then describe our implementation of Onion Spoofing and how we used it to perform correlation attacks to deanonymize Tor users in experimental settings. After this description, we share measurements we took of the Tor network. These show that 91% of Tor exits are vulnerable to Onion Spoofing. We also found that 31% of Tor connections at any given time are vulnerable to Onion Spoofing by Google. After demonstrating that Onion Spoofing is a threat to anonymity, we suggest mitigations and make recommendations for future work to improve Onion Spoofing.