Blogpost about optimizing binary-only fuzzing with AFL++
This repository contains all scripts and data (as well as an ELF target) needed to follow along with the associated blogpost and experiment on your own with one example target: src/target.c (the source code of the target).
Repository organization:
parse_cert_buf function)
Clone and compile AFL++ from the base folder:
$ git clone https://github.com/AFLplusplus/AFLplusplus.git -b dev
$ cd AFLplusplus
$ git apply ../src/mutator/afl-fuzz-run.patch
$ make distrib
Note: Tested with commit 4063a3eb4c4099e37aef4f1d96e8b80d58d65fe2 from Mon Jan 23 12:50:57 2023 +0100
Clone and compile libprotobuf-mutator (used to build our custom mutator) from the base folder:
$ git clone https://github.com/google/libprotobuf-mutator.git
$ cd libprotobuf-mutator
$ mkdir build && cd build
$ cmake .. -GNinja -DLIB_PROTO_MUTATOR_DOWNLOAD_PROTOBUF=ON -DLIB_PROTO_MUTATOR_TESTING=OFF -DCMAKE_BUILD_TYPE=Release -DCMAKE_C_FLAGS="-fPIC" -DCMAKE_CXX_FLAGS="-fPIC"
$ ninja
Note: Tested with commit af3bb18749db3559dc4968dd85319d05168d4b5e from Wed Dec 7 15:21:20 2022 -0800
Clone and compile the protobuf ASN.1 mutator from the base folder:
$ git clone https://github.com/google/fuzzing.git google-fuzzing
$ cd google-fuzzing/proto/asn1-pdu/
$ ../../../libprotobuf-mutator/build/external.protobuf/bin/protoc *.proto --python_out=. --cpp_out=.
$ git apply ../../../src/mutator/google-fuzzing.patch
Note: Tested with commit 128a82660ffe414036ded9a6e561a9532945280d from Wed Oct 26 14:12:31 2022 +0200
Install Python3 and the venv package:
$ apt update
$ apt install python3 python3-venv
Setup a virtual environment and install dependencies:
$ cd src/mutator
$ python3 -m venv .env
$ source .env/bin/activate
$ pip3 install -r requirements.txt
Compile the target and libraries created for this blogpost from the base folder:
$ make -C src
Finally, generate the corpus:
$ cd <step folder>
$ ./build_corpus.sh
To start fuzzing, use the fuzz.sh script from the step you are on:
$ cd <step folder>
$ ./fuzz.sh
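The steps above clone moving branches (AFL++ with -b dev, the others at their default branch) while the notes record the exact commits everything was tested with, and each patch is applied without a dry run. The script below is an added helper, not part of this repository: it runs the same clone-and-build steps with each dependency checked out at the noted commit, verifies the checkout with git rev-parse, and dry-runs every patch with git apply --check before applying it, so an upstream change fails early instead of leaving a half-patched tree. It assumes it is saved in the base folder under a hypothetical name (setup_pinned.sh) and invoked with --run; it stops before the per-step corpus generation and fuzzing, which you still do from the step folder as described above.

```shell
#!/bin/sh
# setup_pinned.sh (hypothetical name): reproducible setup for the blogpost repository.
# Added helper, not repository code. Assumes it lives in the repository base folder.
set -eu

BASE="$(cd "$(dirname "$0")" && pwd)"   # assumed: script sits in the base folder

# Commits the README reports as tested (values taken from the README notes).
AFLPP_COMMIT=4063a3eb4c4099e37aef4f1d96e8b80d58d65fe2
LPM_COMMIT=af3bb18749db3559dc4968dd85319d05168d4b5e
GFUZZ_COMMIT=128a82660ffe414036ded9a6e561a9532945280d

# clone_pinned <url> <dir> <commit>: clone once (all branches are fetched by default,
# so the dev branch commit is reachable), check out exactly <commit>, then verify HEAD.
clone_pinned() {
    url=$1; dir=$2; commit=$3
    [ -d "$dir/.git" ] || git clone "$url" "$dir"
    git -C "$dir" checkout --quiet "$commit"
    actual=$(git -C "$dir" rev-parse HEAD)
    if [ "$actual" != "$commit" ]; then
        echo "ERROR: $dir is at $actual, expected $commit" >&2
        return 1
    fi
    echo "ok: $dir pinned at $commit"
}

# apply_checked <dir> <patch>: dry-run first; a patch that no longer applies aborts
# the setup instead of being partially applied. <patch> must be an absolute path
# because git -C changes directory before reading it.
apply_checked() {
    dir=$1; patch=$2
    if git -C "$dir" apply --check "$patch"; then
        git -C "$dir" apply "$patch"
        echo "ok: applied $(basename "$patch") in $dir"
    else
        echo "ERROR: $patch does not apply cleanly to $dir (upstream moved?)" >&2
        return 1
    fi
}

main() {
    cd "$BASE"

    # AFL++ with the run-loop patch from src/mutator.
    clone_pinned https://github.com/AFLplusplus/AFLplusplus.git AFLplusplus "$AFLPP_COMMIT"
    apply_checked AFLplusplus "$BASE/src/mutator/afl-fuzz-run.patch"
    make -C AFLplusplus distrib

    # libprotobuf-mutator, built with -fPIC so it can be linked into the custom mutator.
    clone_pinned https://github.com/google/libprotobuf-mutator.git libprotobuf-mutator "$LPM_COMMIT"
    mkdir -p libprotobuf-mutator/build
    (cd libprotobuf-mutator/build && \
        cmake .. -GNinja -DLIB_PROTO_MUTATOR_DOWNLOAD_PROTOBUF=ON \
            -DLIB_PROTO_MUTATOR_TESTING=OFF -DCMAKE_BUILD_TYPE=Release \
            -DCMAKE_C_FLAGS="-fPIC" -DCMAKE_CXX_FLAGS="-fPIC" && \
        ninja)

    # Google's ASN.1 protobuf mutator; the patch is applied from the same
    # subdirectory the README uses, so its relative paths resolve identically.
    clone_pinned https://github.com/google/fuzzing.git google-fuzzing "$GFUZZ_COMMIT"
    (cd google-fuzzing/proto/asn1-pdu && \
        "$BASE/libprotobuf-mutator/build/external.protobuf/bin/protoc" ./*.proto \
            --python_out=. --cpp_out=.)
    apply_checked google-fuzzing/proto/asn1-pdu "$BASE/src/mutator/google-fuzzing.patch"

    # Python environment for the mutator scripts, then the target and libraries.
    python3 -m venv src/mutator/.env
    src/mutator/.env/bin/pip3 install -r src/mutator/requirements.txt
    make -C src

    echo "setup done: now run ./build_corpus.sh and ./fuzz.sh from the step folder you chose"
}

# Only run the network-dependent steps when explicitly asked.
if [ "${1:-}" = "--run" ]; then
    main
fi
```

Using the venv's own pip3 path instead of activating the environment keeps the script independent of the caller's shell; the interactive `source .env/bin/activate` from the README is still what you want when running the mutator scripts by hand.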