Fuzzing
Stateful firewall
Computer science
Protocol (science)
Computer network
Operating system
Traffic engineering
Medicine
Alternative medicine
Software
Pathology
Authors
Hong-Yi Fan,Yeming Gu,Xiong Xiao-bing
Identifier
DOI:10.1109/icsece58870.2023.10263353
Abstract
Finding bugs in network protocol services is of great practical significance, and fuzzing is currently the mainstream method for doing so. Because bugs in network protocol services are often stateful, such services are very difficult to fuzz: the search space grows exponentially with the number of states. Existing work has mainly tried to improve the effectiveness of fuzzing from three directions, namely increasing fuzzing speed, designing new state representations, and formatting mutations, and has made considerable progress. However, no work has yet started from the idea of designing better initial seeds. Since the initial seed provides the basic search path from which subsequent fuzzing proceeds, it has an important impact on how well stateful fuzzing explores the target. To strengthen research in this area, this paper discusses the importance of initial seeds for stateful fuzzing and offers new ideas for such research. Taking the TLS server provided by OpenSSL as an example, the paper designs two different initial seeds and runs a 24-hour fuzzing campaign with AFLNet from each of them, comparing how much each seed improves the fuzzing results. The experiments show that different initial seeds can indeed lead to large differences in fuzzing coverage, so optimizing initial seeds is of great significance for improving the efficiency of fuzzing network protocol services. In addition, the paper discusses how to design better initial seeds.