agroce / afl-compiler-fuzzer

Variation of american fuzzy lop for testing compilers
http://lcamtuf.coredump.cx/afl/
Apache License 2.0
116 stars 11 forks

add POST client to mutation server #1

Closed rvantonder closed 3 years ago

rvantonder commented 3 years ago

This adds some POST client logic to query a server. The server receives the current buffer. The server response is substituted for the current buffer. See inline comments for more.

agroce commented 3 years ago

Ok, I think we really need a set of command line options, setting P(comby), P(my stuff), P(plain old afl mutations). We pick a default, and let you set any two (or three if you can add to 100) and that drives the decision. You can get all variants then, and experiment to see relative value is easy, if requiring a decent number of runs/time.

rvantonder commented 3 years ago

Sounds good, I'll update this PR with some CLI options

rvantonder commented 3 years ago

OK added CLI options:

         -1 [0-100]    - probability to apply built-in compiler mutation (C string implementations)
         -2 [0-100]    - probability to apply mutation using external server (comby)
         -p port       - external mutation server port (default 4448)

Any remainder out of 100 is allocated to AFL's default strategy. So something like:

./afl-fuzz -1 50 -2 40 ...

will pick your built-in C string mutators 50% of the time, call the server 40% of the time, and use AFL 10% of the time.

Omitting an option sets it to 0, so something like:

./afl-fuzz -2 40

will only call out to the server 40% of the time, and use AFL's default strategy 60% of the time (C string mutations are never called).

LMK if you have a preference for something other than `-1` or `-2`, I just kind of picked a single character to denote these levels.

These options make P_MUTATION_TOOL "redundant", except that P_MUTATION_TOOL is used at compile time in the makefiles. Let me know if you're OK with removing this (I can clean up the makefiles). I couldn't think of an obvious easy way to keep this around and support the flags.

The default port is the same when running node server.js in comby-mutation-server.


Build fails on something unrelated, don't think it matters:

  error: invalid command 'bdist_wheel'

  ----------------------------------------
  Failed building wheel for python-levenshtein
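As an added illustration of the `-1`/`-2` semantics described in this PR (not code from afl-compiler-fuzzer itself), the sketch below models the option handling: unset options count as 0, the pair is rejected when it does not leave a non-negative remainder for AFL, and a single roll in [0,100) is mapped onto one of the three strategies. The function and enum names are assumptions made for this example.

```c
#include <stdio.h>

/* Hypothetical model of the -1/-2 option semantics from the PR discussion;
   names and structure are this example's own, not the project's. */
enum strategy { STRAT_BUILTIN = 0, STRAT_SERVER = 1, STRAT_AFL = 2 };

/* Validate the two option values. An omitted option is passed as 0.
   Returns 0 on success, -1 if a value is outside 0..100 or the pair
   exceeds 100 (which would leave AFL's default strategy a negative share). */
int set_probs(int p_builtin, int p_server, int *out_builtin, int *out_server) {
  if (p_builtin < 0 || p_builtin > 100) return -1;
  if (p_server < 0 || p_server > 100) return -1;
  if (p_builtin + p_server > 100) return -1;
  *out_builtin = p_builtin;
  *out_server = p_server;
  return 0;
}

/* Remainder out of 100 allocated to AFL's default strategy. */
int p_afl(int p_builtin, int p_server) { return 100 - p_builtin - p_server; }

/* Map one roll in [0,100) onto a strategy: the first p_builtin values go to
   the C string mutators, the next p_server to the external server, the rest
   to plain AFL mutations. The caller supplies the roll so this is testable. */
enum strategy pick_strategy(int p_builtin, int p_server, int roll) {
  if (roll < p_builtin) return STRAT_BUILTIN;
  if (roll < p_builtin + p_server) return STRAT_SERVER;
  return STRAT_AFL;
}

int main(void) {
  int pb, ps;
  /* "-1 50 -2 40" from the PR: expect a 50/40/10 split over an exhaustive sweep. */
  if (set_probs(50, 40, &pb, &ps) != 0) return 1;
  int counts[3] = {0, 0, 0};
  for (int roll = 0; roll < 100; roll++) counts[pick_strategy(pb, ps, roll)]++;
  printf("builtin=%d server=%d afl=%d\n", counts[0], counts[1], counts[2]);
  return 0;
}
```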