Hopper

Date published: 1-Jan-2023
1 min read / 382 words
Distributed Systems
Fuzzer
AFL
AFL++
Hopper
Golang

Hopper is my undergraduate thesis project; I began working on it in September 2022.

Hopper is a coverage-guided greybox distributed fuzzer inspired by AFL++. It aims to improve the performance of fuzzing in large-scale distributed environments; it is not meant to replace AFL++ in most cases.

Hopper's main competitor is Centipede, which is also a distributed fuzzer that has been developed internally by Google for some time. It is written in C++ and was open-sourced in June 2022. When I began working on Hopper, I wasn't aware of Centipede's existence. However, I believe the future of distributed fuzzers lies in Rust or Golang.

Hopper is written in Golang, and I think it provides a good proof of concept for large-scale distributed fuzzing campaigns. A simple Docker-based demo is available in the README, if you want to check it out:

https://github.com/Cybergenik/hopper

Inspiration

In summer 2022, at the start of the penultimate semester of my undergrad, I was torn between doing a capstone project or a thesis. I had been doing research on and building fuzzers for two years, so it was clear that I'd probably end up doing something related to that. It felt natural to go the thesis route, since fuzzing is usually considered a research field and I had the support of my research advisor; however, I wasn't really sure what exactly the topic would be.

My research was mostly focused on systems, working under Prof. Robert Ricci at the FLUX Research Group. More specifically, my research ranged from WASM fuzzers, semantic-analysis fuzzing, and CFA fuzzers to compiler-based instrumentation approaches like those of AFL and AFL++. But I wasn't sure exactly what I should write my thesis about, until a serendipitously timed assignment to implement Map-Reduce in my Distributed Systems course, taught by Professor Ryan Stutsman, arrived; it almost felt like a divine premonition. I thought back to my experience using AFL++ in parallel mode across multiple machines and realised its scaling limitation. I began looking at current approaches in the space of parallel distributed fuzzers and found that very little had been done in this area. With this in mind, I set out to build Hopper! Although Google's Map-Reduce was the initial inspiration and definitely shaped the way Hopper manages task scheduling and its assignment strategy, Hopper's core infrastructure is substantially different.