American Fuzzy Lop: Difference between revisions
From charlesreid1
No edit summary |
(→Flags) |
||
| (14 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
Link to more information: https://necurity.co.uk/netsec/2015/03/30/Fun-With-AFL.html#sthash.h9Aurb7C.dpbs | |||
American fuzzy lop is a program for [[Fuzzing]]. It is very sophisticated and can be instrumented with a binary to do very targeted fuzzing. | |||
American fuzzy lop is a program for | |||
=Installing= | =Installing= | ||
| Line 29: | Line 25: | ||
Programs that can be fuzzed are those that take input files, usually binary files or unusual formats. (Think mp3, multimedia, images, etc.) | Programs that can be fuzzed are those that take input files, usually binary files or unusual formats. (Think mp3, multimedia, images, etc.) | ||
<pre> | |||
wget http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.1.6.tar.gz | |||
tar -xvf libressl-2.1.6.tar.gz cd libressl-2.1.6/ | |||
CC=~/afl/afl-1.57b/afl-gcc ./configure | |||
make check | |||
mkdir /root/testing | |||
export DESTDIR=/root/testing/ | |||
make install | |||
</pre> | |||
[[Image:AmericanFuzzyLoop1.png|500px]] | |||
[[Image:AmericanFuzzyLoop2.png|500px]] | |||
=Links= | |||
Nice overview and tutorial to causing and exploring program crashes: http://necurity.co.uk/netsec/2015-03-26-Fun-With-AFL/#sthash.h9Aurb7C.dpbs | |||
=Flags= | |||
{{FuzzingFlag}} | |||
{{KaliFlag}} | |||
Latest revision as of 21:40, 16 April 2017
Link to more information: https://necurity.co.uk/netsec/2015/03/30/Fun-With-AFL.html#sthash.h9Aurb7C.dpbs
American fuzzy lop is a program for Fuzzing. It is very sophisticated and can be instrumented with a binary to do very targeted fuzzing.
Installing
Get the latest version, and run make to make it:
$ wget http://lcamtuf.coredump.cx/afl/releases/afl-latest.tgz $ tar -xvf afl-latest.tgz cd afl-latest.tgz $ cd afl-* $ make $ make install
Success!
root@morpheus:~/codes/afl-2.10b# which afl-fuzz /usr/local/bin/afl-fuzz
Fuzzing a Program
Programs that can be fuzzed are those that take input files, usually binary files or unusual formats. (Think mp3, multimedia, images, etc.)
wget http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.1.6.tar.gz tar -xvf libressl-2.1.6.tar.gz cd libressl-2.1.6/ CC=~/afl/afl-1.57b/afl-gcc ./configure make check mkdir /root/testing export DESTDIR=/root/testing/ make install
Links
Nice overview and tutorial to causing and exploring program crashes: http://necurity.co.uk/netsec/2015-03-26-Fun-With-AFL/#sthash.h9Aurb7C.dpbs
Flags
 |
Fuzzing a brute force technique to test programs' abilities to deal with malformed inputs.
|