Fuzzing PHP Interpreters By Automatically Generating Samples

Jacob S. Baumgarte, Wright State University


Modern web development has grown increasingly reliant on scripting languages such as PHP. The complexity of an interpreted language means it is very difficult to account for every use case, as unusual interactions can cause unintended side effects. Automatically generating test input to detect bugs, or fuzzing, has proven to be an effective technique for JavaScript engines. By extending this concept to PHP, existing vulnerabilities that have so far gone undetected can be brought to light. While PHP fuzzers exist, they are limited to testing a small number of test seeds per second. In this thesis, we propose a solution for fuzzing the PHP interpreter in an intelligent and time-efficient manner and present our prototype implementation, PHP Fuzz. Our solution makes use of an abstract syntax tree to generate correct and meaningful test seeds with minimal user interaction. Currently, PHP Fuzz is unable to parse very complex syntax such as classes, but with future work our system could generate test seeds covering every element of the PHP language.
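As an added illustration of the AST-driven seed generation the abstract describes (a constructed example, not code from PHP Fuzz or the thesis), the following Python sketch builds random PHP statements as nested-tuple ASTs from a tiny hand-written grammar and then serializes them to syntactically valid seeds; the node kinds, operator list and function list are assumptions chosen for the illustration.

```python
import random

# Toy PHP grammar for AST-driven seed generation (constructed for this
# illustration; it is not the PHP Fuzz implementation).
VARS = ["$a", "$b", "$c"]
BINOPS = ["+", ".", "==", "<=>", "**", "??"]
FUNCS = ["strlen", "intval", "strrev", "count"]

def gen_expr(rng, depth=0):
    """Build an expression AST as nested tuples; the depth bound keeps seeds small."""
    if depth >= 3 or rng.random() < 0.3:
        leaf = rng.choice(["int", "str", "var"])
        if leaf == "int":
            return ("int", rng.randint(-5, 100))
        if leaf == "str":
            return ("str", rng.choice(["", "abc", "1e3", "0x1A"]))
        return ("var", rng.choice(VARS))
    kind = rng.choice(["binop", "call", "cast"])
    if kind == "binop":
        return ("binop", rng.choice(BINOPS), gen_expr(rng, depth + 1), gen_expr(rng, depth + 1))
    if kind == "call":
        return ("call", rng.choice(FUNCS), [gen_expr(rng, depth + 1)])
    return ("cast", rng.choice(["int", "string", "bool"]), gen_expr(rng, depth + 1))

def gen_stmt(rng, depth=0):
    # Statements: assignment, echo, or an if-block whose nesting is bounded by depth.
    kind = rng.choice(["assign", "echo", "if"] if depth < 2 else ["assign", "echo"])
    if kind == "assign":
        return ("assign", rng.choice(VARS), gen_expr(rng))
    if kind == "echo":
        return ("echo", gen_expr(rng))
    return ("if", gen_expr(rng), [gen_stmt(rng, depth + 1) for _ in range(rng.randint(1, 2))])

def emit_expr(n):
    # Serialize an expression AST to PHP source; parentheses make precedence explicit.
    if n[0] == "int": return str(n[1])
    if n[0] == "str": return "'" + n[1] + "'"
    if n[0] == "var": return n[1]
    if n[0] == "binop": return "(%s %s %s)" % (emit_expr(n[2]), n[1], emit_expr(n[3]))
    if n[0] == "call": return "%s(%s)" % (n[1], ", ".join(emit_expr(a) for a in n[2]))
    return "(%s)%s" % (n[1], emit_expr(n[2]))  # cast node

def emit_stmt(n, ind=""):
    if n[0] == "assign": return "%s%s = %s;" % (ind, n[1], emit_expr(n[2]))
    if n[0] == "echo": return "%secho %s;" % (ind, emit_expr(n[1]))
    body = "\n".join(emit_stmt(s, ind + "    ") for s in n[2])
    return "%sif (%s) {\n%s\n%s}" % (ind, emit_expr(n[1]), body, ind)

def gen_seed(seed, n_stmts=4):
    """Return one syntactically valid PHP test seed; the same seed yields the same program."""
    rng = random.Random(seed)
    prelude = "<?php\n$a = 1; $b = 'x'; $c = [1, 2];\n"  # initialise variables the grammar may read
    return prelude + "\n".join(emit_stmt(gen_stmt(rng)) for _ in range(n_stmts)) + "\n"
```

Each generated seed can be handed to `php -l` for a syntax check or executed under the interpreter build being fuzzed, with the integer seed recorded so any crashing program can be regenerated.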