https://github.com/sslab-gatech/malintent
- Host: GitHub
- URL: https://github.com/sslab-gatech/malintent
- Owner: sslab-gatech
- Created: 2024-09-13T21:26:28.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2024-09-13T21:27:56.000Z (over 1 year ago)
- Last Synced: 2025-06-20T17:06:20.733Z (7 months ago)
- Language: Rust
- Size: 158 KB
- Stars: 7
- Watchers: 23
- Forks: 2
- Open Issues: 1
Metadata Files:
- Readme: README.md
README
# IntentFuzzer - libAFL version
This is an automated greybox fuzzer for Intent receivers on Android.
## How To Use
`cargo run -- --help`
## Architecture
```
 Fuzzer                   Android Device/Emulator
┌───────────┐             ┌──────────────────┐
│           │  TCP Port   │ App              │
│ Collects  │  over ADB   │ ┌──────────────┐ │
│ coverage ◄├─────────────┼►┤Coverage Agent│ │
│           │             │ ├──────────────┤ │
│           │             │ │              │ │
│           │             │ │              │ │
│           │             │ │              │ │
│           │             │ │              │ │
│           │             │ └──────▲───────┘ │
│           │             │        │         │
│ Mutates   │             │        │(Intents)│
│ intents   │Sends Intents├────────┴─────────┤
└───────────┴────────────►│ Android Activity │
                          │ Manager          │
                          └──────────────────┘
```
## Project Structure
[AndroidCoverageAgent](https://github.com/sslab-gatech/AndroidCoverageAgent) is
used to instrument apps on-device or on-emulator for coverage feedback.
The `apk_analyzer` subfolder contains a Kotlin project that uses the
[jadx](https://github.com/skylot/jadx) API to analyze an APK file and create
an `intent_template.json` file from it.
The root folder `.` contains the fuzzer, written in Rust. It uses
[libafl](https://github.com/AFLplusplus/LibAFL) to implement the fuzzing loop,
reads the generated `intent_template.json`, and uses `adb` to communicate with
the coverage agent in the Android environment.