How is Symbolic Execution different from Whitebox Fuzzing?
Asked by Madhuparna Bhowmik

I do not understand how symbolic execution is different from Whitebox fuzzing. From what I understand, Whitebox Fuzzers symbolically execute the code with some initial input format. Additionally, it will be helpful if someone could differentiate between these two forms with reference to KLEE and AFL tools.
Whitebox fuzzing can be done not only with symbolic execution. SAGE from Microsoft Research is an example of a whitebox fuzzer that uses concolic execution, also called dynamic symbolic execution, see NDSS08.
Yes, Whitebox Fuzzers get some seed/seeds (initial input/inputs) and symbolically execute the code with these. Concolic fuzzers also run the code with these inputs in parallel with symbolic execution.
KLEE is a whitebox fuzzer that uses symbolic execution.
AFL is a greybox fuzzer - it uses internal structure information only to calculate coverage and not to get new paths. There are tools for AFL that get constants from comparisons in the code and add these to AFL's dictionaries, but this is still not whitebox fuzzing.
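To make the concolic (dynamic symbolic) execution described in the answer concrete, here is an added toy illustration, not code from SAGE, KLEE or AFL: the program runs on a concrete input while the branches it takes are recorded as constraints on the input bytes, then each branch is negated and solved to generate the next input (the generational search SAGE uses). The target function with its "bad!" check chain and the byte-equality-only solver are constructed simplifications.

```python
class Sym:
    """Records path constraints on a concrete byte string as it runs."""
    def __init__(self, data):
        self.data = data
        self.path = []  # branch history: (byte index, "==" or "!=", value)

    def eq(self, i, c):
        """Symbolic `data[i] == c`: records which side was actually taken."""
        taken = self.data[i] == c
        self.path.append((i, "==" if taken else "!=", c))
        return taken

def target(s):
    """Program under test (constructed): a nested-check chain, crashes on "bad!"."""
    if s.eq(0, ord("b")):
        if s.eq(1, ord("a")):
            if s.eq(2, ord("d")):
                if s.eq(3, ord("!")):
                    return "crash"
    return "ok"

def solve(constraints, length):
    """Toy solver: bytes satisfying per-index ==/!= constraints, or None."""
    out = bytearray(length)
    for i in range(length):
        must = {v for j, op, v in constraints if j == i and op == "=="}
        avoid = {v for j, op, v in constraints if j == i and op == "!="}
        if len(must) > 1 or must & avoid:
            return None  # contradictory path condition
        out[i] = next(iter(must)) if must else next(v for v in range(256) if v not in avoid)
    return bytes(out)

def explore(seed, max_runs=50):
    """Generational search: each run spawns one child per negated branch."""
    results, queue, seen = {}, [seed], set()
    while queue and len(results) < max_runs:
        inp = queue.pop(0)
        if inp in seen:
            continue
        seen.add(inp)
        s = Sym(inp)
        results[inp] = target(s)  # concrete run, symbolic path recorded
        for j, (i, op, v) in enumerate(s.path):
            flipped = s.path[:j] + [(i, "!=" if op == "==" else "==", v)]
            child = solve(flipped, len(inp))
            if child is not None and child not in seen:
                queue.append(child)
    return results

if __name__ == "__main__":
    print(explore(b"good"))
```

Starting from the seed "good", the search reaches the crashing input in six runs, because each input is chosen by solving the path condition rather than by mutating coverage-increasing inputs the way a greybox fuzzer such as AFL does.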