Skip to main content

fuzzing-obstacles

fuzzing-obstacles

Catalogue généré le 2026-05-11

En une phrase

Techniques for patching code to overcome fuzzing obstacles.

Quand l'utiliser

  • Use when checksums, global state, or other barriers block fuzzer progress.

Comment l'invoquer

  • Slash command : /fuzzing-obstacles (si exposé dans ton CLI)
  • Phrases déclencheurs : voir la description complète ci-dessous
  • Auto-invocation : sur demande explicite

Description complète

Techniques for patching code to overcome fuzzing obstacles. Use when checksums, global state, or other barriers block fuzzer progress.

Pour aller plus loin

Overcoming Fuzzing Obstacles

Codebases often contain anti-fuzzing patterns that prevent effective coverage. Checksums, global state (like time-seeded PRNGs), and validation checks can block the fuzzer from exploring deeper code paths. This technique shows how to patch your System Under Test (SUT) to bypass these obstacles during fuzzing while preserving production behavior.

Overview

Many real-world programs were not designed with fuzzing in mind. They may:

  • Verify checksums or cryptographic hashes before processing input
  • Rely on global state (e.g., system time, environment variables)
  • Use non-deterministic random number generators
  • Perform complex validation that makes it difficult for the fuzzer to generate valid inputs

These patterns make fuzzing difficult because:

  1. Checksums: The fuzzer must guess correct hash values (astronomically unlikely)
  2. Global state: Same input produces different behavior across runs (breaks determinism)

(extrait — voir le SKILL.md complet pour la suite)

Source

  • Plugin : trailofbits/testing-handbook-skills
  • Nom interne : fuzzing-obstacles
  • Fichier : /home/thymon/.claude/plugins/cache/trailofbits/testing-handbook-skills/1.0.1/skills/fuzzing-obstacles/SKILL.md