Fuzzing FastCGI With AFL-Fuzz

Omaid Faizyar
Published in InfoSec Write-ups
4 min read · Jul 1, 2020

This is the very long tale of my adventures in fuzzing FastCGI with AFL-Fuzz. If you’re interested in fuzzing a FastCGI binary, look no further.

What is FastCGI?

FastCGI is a binary protocol. In most cases a user interacts with a web server such as nginx or lighttpd, which in turn communicates with the FastCGI application through a named pipe or TCP connection. The FastCGI application then executes code.
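On the wire, a FastCGI request is a sequence of records, each with an 8-byte header followed by content and padding. The Python below is an added example, not code from the original write-up: it frames a minimal responder request and parses it back, which is the kind of byte string a fuzzer needs as a seed input. The function names and the sample parameter values are constructed for the illustration.

```python
import struct

FCGI_VERSION_1 = 1
FCGI_BEGIN_REQUEST, FCGI_PARAMS, FCGI_STDIN = 1, 4, 5
FCGI_RESPONDER = 1
# version, type, requestId, contentLength, paddingLength, reserved
HEADER = struct.Struct("!BBHHBx")

def record(rtype, request_id, content=b""):
    """Frame one record: 8-byte header, content, padding to a multiple of 8."""
    if len(content) > 0xFFFF:
        raise ValueError("content exceeds the 16-bit contentLength field")
    pad = -len(content) % 8
    return HEADER.pack(FCGI_VERSION_1, rtype, request_id, len(content), pad) + content + bytes(pad)

def encode_length(n):
    # Lengths under 128 take one byte; longer ones take four with the top bit set.
    return bytes([n]) if n < 128 else struct.pack("!I", n | 0x80000000)

def name_value(name, value):
    return encode_length(len(name)) + encode_length(len(value)) + name + value

def build_request(params, body=b"", request_id=1):
    """One responder request: BEGIN_REQUEST, PARAMS stream, STDIN stream."""
    begin = struct.pack("!HB5x", FCGI_RESPONDER, 0)  # role, flags, reserved[5]
    pairs = b"".join(name_value(k, v) for k, v in params.items())
    out = record(FCGI_BEGIN_REQUEST, request_id, begin)
    out += record(FCGI_PARAMS, request_id, pairs) + record(FCGI_PARAMS, request_id)
    if body:
        out += record(FCGI_STDIN, request_id, body)
    return out + record(FCGI_STDIN, request_id)  # an empty record ends each stream

def parse_records(data):
    """Split a byte stream into (type, request_id, content); reject truncated input."""
    records, off = [], 0
    while off < len(data):
        if len(data) - off < HEADER.size:
            raise ValueError("truncated header")
        version, rtype, rid, clen, plen = HEADER.unpack_from(data, off)
        off += HEADER.size
        if version != FCGI_VERSION_1 or len(data) - off < clen + plen:
            raise ValueError("bad version or truncated record")
        records.append((rtype, rid, data[off:off + clen]))
        off += clen + plen
    return records

# Constructed sample request; written to a file, it is one seed for a fuzzer's input directory.
SEED = build_request({b"REQUEST_METHOD": b"GET", b"SCRIPT_NAME": b"/index", b"QUERY_STRING": b"a=1"})
```

The parser rejects short or inconsistent input instead of reading past the buffer, which is the class of length-handling mistake a fuzzer tends to find in record-based parsers.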

Why FastCGI?

I had access to a binary written in C/C++ which used FastCGI. In fact, FastCGI is used in almost…
