Open bannsec opened 6 years ago
Initial support for `@@@` argument has been added. Currently, it only works for amd64 and likely has some bugs.
If anyone wants to try, simply use it the same way that you would use the AFL `@@` command, i.e.: `autoPwn --disable-drill ls @@@`
Recommending `--disable-drill` for now since it will not correctly hand off input to driller.
Added support for an arbitrary number of `@@@` fuzz locations: 2c66175
Supports i386 now as well
Currently `autoPwn` should work as normal with `afl` style command fuzzing, which boils down to `@@` generation of a file name per run. This doesn't actually fuzz the command-line arguments, and there is experimental support for fuzzing command-line arguments for `afl` if you compile your target binary with some modifications. It would be helpful if `autoPwn` could automate this for black-box fuzzing. Generally, that would seem to boil down into the following steps: `strlen` check the existing input for that argument, then read in up to that length of input from stdin, ensuring to null terminate. It's messy, but I haven't seen a great solution to this challenge yet.
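As an added example (not autoPwn's code or anything posted in this thread), here is the modification step described above written out in C: a helper that a target calls first thing in main(), which strlen()-checks each placeholder argument, reads up to that many bytes from stdin into it, and NUL-terminates the result. The function name, the placeholder arguments and the sample input are constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>

/* Overwrite argv[1..argc-1] in place with bytes from `in`. Each slot's
 * budget is strlen() of the placeholder the binary was launched with, so
 * the fuzzed value never outgrows the storage the loader provided, and
 * every slot that receives data is NUL-terminated. Slots that get no data
 * (input exhausted) keep their placeholder. Returns the number of slots
 * overwritten. */
int fuzz_args_from_stream(int argc, char **argv, FILE *in) {
    int replaced = 0;
    for (int i = 1; i < argc; i++) {
        size_t cap = strlen(argv[i]);          /* usable bytes in this slot */
        if (cap == 0) continue;                /* empty placeholder: nothing to fill */
        size_t n = fread(argv[i], 1, cap, in); /* read at most `cap` bytes */
        if (n == 0) break;                     /* input exhausted (or read error) */
        argv[i][n] = '\0';                     /* n <= cap, so this stays in bounds */
        replaced++;
    }
    return replaced;
}

/* Constructed self-check (not a real target): three placeholders and the
 * fuzz input "AAAAB", which fills argv[1] exactly, argv[2] only partly,
 * and leaves argv[3] untouched. Returns 2 on success, negative on failure. */
int demo_replace_count(void) {
    char a0[] = "prog", a1[] = "xxxx", a2[] = "yy", a3[] = "zz";
    char *argv[] = { a0, a1, a2, a3, NULL };
    const char input[] = "AAAAB";
    FILE *in = tmpfile();                      /* stands in for stdin */
    if (in == NULL) return -1;
    fwrite(input, 1, sizeof(input) - 1, in);
    rewind(in);
    int replaced = fuzz_args_from_stream(4, argv, in);
    fclose(in);
    if (strcmp(a1, "AAAA") != 0 || strcmp(a2, "B") != 0 || strcmp(a3, "zz") != 0)
        return -2;
    return replaced;                           /* 2 */
}

/* A target would call the helper before parsing argv as usual; AFL's
 * stdin-driven input then reaches the command-line arguments. */
int main(int argc, char **argv) {
    fuzz_args_from_stream(argc, argv, stdin);
    for (int i = 1; i < argc; i++)
        printf("argv[%d] = \"%s\"\n", i, argv[i]);
    return 0;
}
```

Because the budget is the placeholder's length, the harness must launch the target with placeholder arguments at least as long as the values it wants the fuzzer to be able to produce.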