Fuzzing is providing invalid, unexpected or random data to the inputs of a computer program then monitor for exceptions such as crashes, memory leaks or built-in code assertions.

Am using AFL on debian linux.

Download ALF from: http://lcamtuf.coredump.cx/afl/releases/afl-latest.tgz

The AFL quick start guide for more information: http://lcamtuf.coredump.cx/afl/QuickStartGuide.txt

For a quick fuzzing test lets use Fuzzgoat; https://github.com/fuzzstati0n/fuzzgoat

git https://github.com/fuzzstati0n/fuzzgoat

compile fuzzgoat, cd in fuzzgoat directory

CC=/usr/bin/afl-gcc CXX=/usr/bin/afl-g++ make

To run AFL

afl-fuzz -i in -o out ./fuzzgoat @@

You may be prompted to configure the core dump notifications

echo core >/proc/sys/kernel/core_pattern

Then you will need to increase your CPU scaling frequency using the scaling_governor

cd /sys/devices/system/cpu
/sys/devices/system/cpu# echo performance | tee cpu*/cpufreq/scaling_governor

After that you can run the command again

afl-fuzz -i in -o out ./fuzzgoat @@

It will start fuzzing and present you with the status screen.


Fuzzing definition from Wikipedia https://en.wikipedia.org/wiki/Fuzzing