google / AFL

american fuzzy lop - a security-oriented fuzzer
https://lcamtuf.coredump.cx/afl/
Apache License 2.0

The meaning of command #121

Closed zhtrb closed 4 years ago

zhtrb commented 4 years ago

$ ./afl-fuzz -i testcase_dir -o findings_dir /path/to/program […params…]

$ ./afl-fuzz -i testcase_dir -o findings_dir /path/to/program @@

I wonder what […params…] and @@ mean. Isn't input in testcase_dir? I can't understand what inputs from stdin and files mean.

Dor1s commented 4 years ago

I suppose you read this in https://github.com/google/AFL/blob/master/README.md#6-fuzzing-binaries

The [..params..] is a placeholder to describe how programs are usually invoked. Let's say you want to fuzz the sha1sum program. You'd typically use it as sha1sum <path_to_file_to_calculate_hash_for>, or you may use additional options of that program, e.g. sha1sum -z <path_to_file_to_calculate_hash_for>. So, either only <path_to_file_to_calculate_hash_for> or a sequence of multiple parameters such as -z <path_to_file_to_calculate_hash_for> would be the [..params..] part.

If you want to fuzz the sha1sum program by passing testcases as files, you'd need to invoke AFL with the following command line: sha1sum -z @@. That way, AFL will replace @@ with a path to a fuzzing testcase it generated for the target program.
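Added example (not from this thread and not AFL's own code): a small POSIX sh function that mimics what afl-fuzz does with a single testcase, so the two invocation styles can be compared without running AFL. Any argument containing @@ gets that token replaced by the testcase path (file mode); if no argument contains @@, the testcase bytes are fed to the target's stdin (stdin mode). The `run_one_testcase` / `testcase_mode` names are my own.

```shell
#!/bin/sh
# run_one_testcase TESTCASE_PATH PROGRAM [ARGS...]
# Hypothetical re-creation of the @@ rule described in the answer above:
#   "sha1sum -z @@"  -> @@ is replaced by the path, program reads the file
#   "sha1sum"        -> no @@, so the testcase is piped into stdin
run_one_testcase() {
  testcase=$1; shift
  mode=stdin
  i=0; n=$#
  # Rotate through the positional parameters, rewriting any @@ on the way.
  while [ "$i" -lt "$n" ]; do
    arg=$1; shift
    case "$arg" in
      *@@*)
        # Replace the first @@ inside the argument (so "--in=@@" also works).
        arg="${arg%%@@*}$testcase${arg#*@@}"
        mode=file
        ;;
    esac
    set -- "$@" "$arg"
    i=$((i + 1))
  done
  if [ "$mode" = file ]; then
    "$@"                 # file mode: the path is already on the command line
  else
    "$@" < "$testcase"   # stdin mode: the target consumes the bytes from stdin
  fi
}

# testcase_mode PROGRAM [ARGS...] -> prints "file" or "stdin"
testcase_mode() {
  for arg in "$@"; do
    case "$arg" in *@@*) echo file; return 0 ;; esac
  done
  echo stdin
}

# Demo with a constructed testcase: both modes hash the same bytes, but only
# file mode lets the target see a real path (sha1sum prints "-" for stdin).
demo() {
  tmp=$(mktemp) || return 1
  printf 'hello\n' > "$tmp"
  echo "mode for 'sha1sum -z @@': $(testcase_mode sha1sum -z @@)"
  echo "mode for 'sha1sum':       $(testcase_mode sha1sum)"
  run_one_testcase "$tmp" sha1sum @@
  run_one_testcase "$tmp" sha1sum
  rm -f "$tmp"
}
```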