AFLplusplus Blogpost Save

Blogpost about optimizing binary-only fuzzing with AFL++

Project README

Lab for grammar-aware in-memory persistent fuzzing

Introduction

This repository contains all scripts and data (as well as an ELF target) to follow along as you read the associated blogpost by experimenting on your own on one example: src/target.c (the source code of the target).

Repository organization:

step0: basic fuzzing setup, default configuration
step1: custom instrumentation (targeting parse_cert_buf function)
step2: with a customized entrypoint
step3: with persistent mode
step4: with an in-memory hook
- src/hook: source code of the hook
step5: custom grammar-aware mutator
- src/mutator: source code of the custom mutator
step6: with multi-processing

Setup

AFL++

Clone and compile AFL++ from the base folder:

$ git clone https://github.com/AFLplusplus/AFLplusplus.git -b dev
$ cd AFLplusplus
$ git apply ../src/mutator/afl-fuzz-run.patch
$ make distrib

Note:

See this discussion to understand why this patch is necessary
Tested with commit 4063a3eb4c4099e37aef4f1d96e8b80d58d65fe2 from Mon Jan 23 12:50:57 2023 +0100

libprotobuf-mutator

Clone and compile libprotobuf-mutator (used to build our custom mutator) from the base folder:

$ git clone https://github.com/google/libprotobuf-mutator.git
$ cd libprotobuf-mutator
$ mkdir build && cd build
$ cmake .. -GNinja -DLIB_PROTO_MUTATOR_DOWNLOAD_PROTOBUF=ON -DLIB_PROTO_MUTATOR_TESTING=OFF -DCMAKE_BUILD_TYPE=Release -DCMAKE_C_FLAGS="-fPIC" -DCMAKE_CXX_FLAGS="-fPIC"
$ ninja

Note: Tested with commit af3bb18749db3559dc4968dd85319d05168d4b5e from Wed Dec 7 15:21:20 2022 -0800

Clone and compile the protobuf ASN.1 mutator from the base folder:

$ git clone https://github.com/google/fuzzing.git google-fuzzing
$ cd google-fuzzing/proto/asn1-pdu/
$ ../../../libprotobuf-mutator/build/external.protobuf/bin/protoc *.proto --python_out=. --cpp_out=.
$ git apply ../../../src/mutator/google-fuzzing.patch

Note:

See this pull request to understand why this patch is necessary
Tested with commit 128a82660ffe414036ded9a6e561a9532945280d from Wed Oct 26 14:12:31 2022 +0200

Python packages

Install Python3 and the venv package:

$ apt update
$ apt install python3 python3-venv

Setup a virtual environment and install dependencies:

$ cd src/mutator
$ python3 -m venv .env
$ source .env/bin/activate
$ pip3 install -r requirements.txt

Blog

Compile the target and libraries created for this blogpost from the base folder:

make -C src

Finally, generate the corpus:

$ cd <step folder>
$ ./build_corpus.sh

Run

Simply use the fuzz.sh script from the step you are on:

$ cd <step folder>
$ ./fuzz.sh

Open Source Agenda is not affiliated with "AFLplusplus Blogpost" Project. README Source: airbus-seclab/AFLplusplus-blogpost

Stars

Open Issues

Last Commit

7 months ago

Repository

airbus-seclab/AFLplusplus-blogpost

License

GPL 2.0

Homepage

https://airbus-seclab.github.io/AFLplusplus-blogpost

Open Source Agenda Badge

<a href="https://www.opensourceagenda.com/projects/aflplusplus-blogpost"><img src="https://www.opensourceagenda.com/projects/aflplusplus-blogpost/reviews/badge.svg" alt="Open Source Agenda"></a>

Submit Review Review Your Favorite Project

Submit Resource Articles, Courses, Videos

Submit Article Submit a post to our blog

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?

From the blog

Dec 11, 2022