American Fuzzy Lop (AFL) is an open source, coverage-assisted fuzz testing tool developed by Michał Zalewski of Google. In a nutshell, it feeds intelligently crafted input to a program that exercises corner cases and finds bugs in a target program.
In this blog post, I'll describe how to use AFL's experimental persistent mode to blow the doors off of a server without having to make major modifications to the server's codebase. I've used this technique at Fastly to expand testing in some of the servers that we rely on and others that we are experimenting with.
Throughout this post, I'll use the open source Knot DNS with a basic configuration as a running example, but the technique is applicable to other servers and long running processes as well.