rwhitworth
commented
7 years ago I've gathered all my knowledge of fuzzing from reading blogs. I don't use many of the more sophisticated methods (yet) and stick with really basic usage. The high level steps I follow are:
- Compile afl-fuzz from source and install into /usr/local/bin
- git clone repo to test
- compile software, often like
LD=/usr/local/bin/afl-clang-fast CC=/usr/local/bin/afl-clang-fast CXX=/usr/local/bin/afl-clang-fast++ ./configure && make - Create a directory called input that contains a single file with a very simple input (example: for perl I might use
print 'hello';). The better example you start with the better the fuzzing output will be. - Run afl-fuzz:
afl-fuzz -i input -o output ./program-binary @@
For more information you can check these pages: http://lcamtuf.coredump.cx/afl/ - AFL homepage https://foxglovesecurity.com/2016/03/15/fuzzing-workflows-a-fuzz-job-from-start-to-finish/ https://foxglovesecurity.com/2016/06/13/finding-pearls-fuzzing-clamav/
Or email me and I'll try to write up better instructions with an example using gravity.
The biggest problem I've noticed so far is that without knowing the programming language well enough to provide a good input file, then there is a good chance the test cases will be non-ascii and completely unrealistic as input. Although the program still crashes it isn't as useful as valid input that causes the program to crash.
marcobambini
Hi, I'd be really interesting in setting up a American Fuzzy Lop to test my Gravity programming language: https://github.com/marcobambini/gravity but I have no idea where to start.
Can you please post more information about how to setup and produce that test? Thanks a lot.