by johngd 4071 days ago
Would it be possible to use this method against something like a Java app loaded in Tomcat, so as to test for bugs within a certain library? Say, for instance, that I wanted to see if certain malformed xml posts were able to cause unexpected behaviors in a passing endpoint? As I write this I think that in some cases some kind of HTTP penetration tool might be more suited, but I think I'm wondering what would happen with a tool that isn't necessarily confined to a ruleset and pattern matching.

The afl fuzzer relies on compiling C code with its own compiler, so I think it's limited to only C-based programs.

What you may want is to use something like `quickcheck` (scalacheck or Clojure's test.check I guess?) to send lots of "arbitrary" xml at your code and see what breaks. With sufficiently interesting definitions of "arbitrary" you can probably find bugs.

That approach would be testing inside the process, as opposed to passing in whole http requests. But if you know a section of code is more vulnerable than others, focus on it. No need to test all of tomcat's http parsing when you really care about your specific library.
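The in-process approach the comment above describes, as an added example that is not from the thread: a seeded generator of "arbitrary" XML (the quickcheck idea, hand-rolled on the standard library) is run against a constructed, deliberately fragile handler, and the parser's own rejections of malformed input are kept apart from the exceptions that signal unexpected behaviour further down. Python's `xml.etree` parser stands in for the Java library, and `handle_order`, the token lists and the seed are all assumptions.

```python
import random
import xml.etree.ElementTree as ET

TEXT_ATOMS = ["a", "Z", "0", " ", "\n", "&amp;", "&lt;", "&#x41;", "\u00e9"]
BREAK_ATOMS = ["<", ">", "&", '"', "'", "</", "&#x0;"]  # tokens likely to malform

def handle_order(xml_text):  # constructed stand-in for the library under test
    root = ET.fromstring(xml_text)
    return int(root.get("qty"))  # trusts qty: missing or non-numeric blows up

def gen_element(rng, depth=0):
    # Well-formed element with random text and, down to depth 2, nested children.
    name = rng.choice(["item", "note", "sku"])
    text = "".join(rng.choice(TEXT_ATOMS) for _ in range(rng.randint(0, 4)))
    kids = "" if depth >= 2 else "".join(
        gen_element(rng, depth + 1) for _ in range(rng.randint(0, 2)))
    return f"<{name}>{text}{kids}</{name}>"

def gen_document(rng):  # well-formed <order>; qty drawn from edge-case values
    qty = rng.choice(['"3"', '"12"', '"-1"', '"abc"', '""', None])
    attr = "" if qty is None else f" qty={qty}"
    body = "".join(gen_element(rng) for _ in range(rng.randint(0, 3)))
    return f"<order{attr}>{body}</order>"

def mutate(rng, doc):  # structural damage: chop the closing tag or splice a token
    if rng.random() < 0.5:
        return doc[: len(doc) - rng.randint(1, 3)]
    i = rng.randrange(len(doc) + 1)
    return doc[:i] + rng.choice(BREAK_ATOMS) + doc[i:]

def classify(target, doc):
    # "rejected" = the parser refused bad input (fine); any other raise is the find.
    try:
        target(doc)
    except ET.ParseError as exc:
        return "rejected", exc
    except Exception as exc:
        return "unexpected", exc
    return "ok", None

def fuzz(target, n=300, seed=1234):
    rng = random.Random(seed)  # seeded, so every finding is reproducible
    counts, failures = {"ok": 0, "rejected": 0, "unexpected": 0}, []
    for _ in range(n):
        doc = gen_document(rng)
        doc = mutate(rng, doc) if rng.random() < 0.3 else doc
        bucket, exc = classify(target, doc)
        counts[bucket] += 1
        if bucket == "unexpected":
            failures.append((doc, repr(exc)))
    return counts, failures
```

Note that `qty="-1"` sails through as "ok": a property assertion on the handler's return value (quantity must be positive) is what turns logic gaps like that into findings, on top of the crash-style ones the exception buckets catch.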

Keegan McAllister has got AFL working with Rust code: https://github.com/kmcallister/afl.rs

Rust is designed to be memory safe by default, but fuzzing is still useful for testing unsafe code, and for finding assertion failures.

I'd be interested in this as well