Fuzzing sockets: Apache HTTP, Part 1: Mutations
Blog post from GitHub
In the final installment of a series on fuzzing sockets, the author turns to the Apache HTTP Server, one of the most widely used web servers, and explores the use of custom mutators to enhance fuzzing effectiveness. The author describes a variety of mutation strategies specifically designed for the HTTP protocol and conducts experiments to determine which combinations are most effective at achieving high code coverage. The article also covers grammar-based mutators and changes to Apache's configuration that optimize the fuzzing process. Additionally, it addresses the complexities of debugging, such as non-deterministic bugs and the challenges posed by tooling like AFL++. Through persistent investigation, the author uncovers a memory corruption issue related to AFL++'s shared memory bitmap, offering insights into both the fuzzing techniques and the importance of understanding tool limitations. The article concludes by previewing the next part of the series, which promises to explore advanced fuzzing techniques and specific Apache modules.