Fuzzing is providing invalid, unexpected or random data to the inputs of a computer program then monitor for exceptions such as crashes, memory leaks or built-in code assertions.
Am using AFL on debian linux.
Download ALF from: http://lcamtuf.coredump.cx/afl/releases/afl-latest.tgz
The AFL quick start guide for more information: http://lcamtuf.coredump.cx/afl/QuickStartGuide.txt
For a quick fuzzing test lets use Fuzzgoat; https://github.com/fuzzstati0n/fuzzgoat
git https://github.com/fuzzstati0n/fuzzgoatcompile fuzzgoat, cd in fuzzgoat directory
CC=/usr/bin/afl-gcc CXX=/usr/bin/afl-g++ makeTo run AFL
afl-fuzz -i in -o out ./fuzzgoat @@You may be prompted to configure the core dump notifications
echo core >/proc/sys/kernel/core_patternThen you will need to increase your CPU scaling frequency using the scaling_governor
cd /sys/devices/system/cpu
/sys/devices/system/cpu# echo performance | tee cpu*/cpufreq/scaling_governorAfter that you can run the command again
afl-fuzz -i in -o out ./fuzzgoat @@It will start fuzzing and present you with the status screen.
References:
Fuzzing definition from Wikipedia https://en.wikipedia.org/wiki/Fuzzing
Comments