Griller – A Framework for Under-Constrained Fuzzing
Siddharth Muralee, Jayashree Srinivasan, Akul Pillai, Antonio Bianchi, Aravind Machiry, Giovanni Vigna, Christopher Kruegel
Fuzzing is a popular technique for discovering vulnerabilities in software applications. However, when applied to large, complex real-world applications with hard-to-use APIs, fuzzers lose speed and effectiveness. Code analysis techniques such as symbolic execution also fall short in such cases: path explosion prevents them from reaching deep code, so they miss bugs. To address this problem, we present Griller, an under-constrained fuzzing framework that fuzzes complicated applications with huge codebases by breaking them down at the function level and generating harnesses for individual functions. Because a function fuzzed in isolation may crash on inputs its callers can never produce, Griller filters out such false positives by tracing back along the call graph, using a combination of fuzzing, symbolic execution and constraint stitching.