Closed zhtrb closed 4 years ago
I suppose you read this in https://github.com/google/AFL/blob/master/README.md#6-fuzzing-binaries
The `[..params..]` is a placeholder to describe how programs are usually invoked. Let's say you want to fuzz the `sha1sum` program. You'd typically use it as `sha1sum <path_to_file_to_calculate_hash_for>`, or you may use additional options of that program, e.g. `sha1sum -z <path_to_file_to_calculate_hash_for>`. So, either only `<path_to_file_to_calculate_hash_for>` or a sequence of multiple parameters such as `-z <path_to_file_to_calculate_hash_for>` would be the `[..params..]` part.
If you want to fuzz the `sha1sum` program by passing testcases as files, you'd need to invoke AFL with the following command line: `sha1sum -z @@`. That way, AFL will replace `@@` with a path to a fuzzing testcase it generated for the target program.
$ ./afl-fuzz -i testcase_dir -o findings_dir /path/to/program […params…]
$ ./afl-fuzz -i testcase_dir -o findings_dir /path/to/program @@
I wonder what […params…] and @@ mean. Isn't input in testcase_dir? I can't understand what inputs from stdin and files mean.
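The two delivery modes discussed in this thread, as an added example that is not part of the original posts and not AFL code: a shell sketch that mimics what the fuzzer does with the target's command line for one generated testcase. `run_target` and the temporary testcase path are hypothetical names chosen for the illustration.

```shell
#!/bin/sh
# Constructed illustration only: it imitates how a testcase reaches the
# target with and without "@@"; it does not run afl-fuzz.

# run_target TESTCASE PROGRAM [params...]
#   If any parameter contains "@@", substitute the testcase path for it and
#   run the program (file mode). Otherwise run the program unchanged and
#   feed the testcase on standard input (stdin mode).
run_target() {
    testcase=$1; shift
    n=$#; file_mode=0
    # Rotate through the argument list, rewriting as we go.
    while [ "$n" -gt 0 ]; do
        arg=$1; shift; n=$((n - 1))
        case $arg in
            *@@*)
                file_mode=1
                # This sketch replaces the first "@@" in the argument.
                arg="${arg%%@@*}${testcase}${arg#*@@}"
                ;;
        esac
        set -- "$@" "$arg"
    done
    if [ "$file_mode" -eq 1 ]; then
        "$@"
    else
        "$@" < "$testcase"
    fi
}

# Demo: one constructed testcase standing in for an input the fuzzer wrote.
tmp=$(mktemp -d)
printf 'constructed testcase\n' > "$tmp/.cur_input"
if command -v sha1sum >/dev/null 2>&1; then
    run_target "$tmp/.cur_input" sha1sum @@   # hash, then the file path
    run_target "$tmp/.cur_input" sha1sum      # same hash, then "-" (stdin)
fi
rm -rf "$tmp"
```

In both runs the target sees the same bytes; `testcase_dir` only supplies the starting inputs, and the command line after the program path decides whether each generated input arrives as a file argument or on stdin.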