mykter / afl-training
Exercises to learn how to fuzz with American Fuzzy Lop
License: Other
Feedback from BSides London:
Potentially explain a little more about the purpose of fuzzing and its role in exploit dev, stability, etc. Maybe a case study or two?
https://trustfoundry.net/introduction-to-triaging-fuzzer-generated-crashes/ looks like a good resource
Hi. The SSH listen port of the docker env has been set to port 2222 by default in entrypoint.sh. So the env setup instruction should change from 22000:22 to 22000:2222 accordingly, or else the error "Connection closed by remote host" will pop up.
https://github.com/mykter/afl-training/tree/main/environment#running-locally
install the C extension
Add a picture showing relationship between afl-fuzz, clang, afl-clang-fast, harness, target, folders
Due for release March 3.
I'm trying to complete the heartbleed challenge and the limit_memory.sh script doesn't work as the ANSWERS.md file suggests.
First of all, the script is located in the ~/AFLplusplus/utils/asan_cgroups/ directory, and not ~/AFLplusplus/examples/asan_cgroups/, like the answers file suggests.
Second of all, when you do try to run the script, then it fails:
sudo ~/AFLplusplus/utils/asan_cgroups/limit_memory.sh -u fuzzer afl-fuzz -i in -o out ./handshake
cgcreate: libcgroup initialization failed: Cgroup is not mounted
I also tried running it in the official AFL++ docker image, but ran into the same problem.
I don't know too much about cgroups, so I'm not sure what's going wrong. I'm running AFL++ from a privileged docker container, from inside a Virtualbox VM, if it makes any difference.
Hello @mykter! Really amazing collection in this repo!
I was wondering if you also have any examples and (most importantly) programs that have some kind of file IO, or that change their environment, in a way that prohibits AFL from finding bugs?
I'm working on an isolation framework around AFL to checkpoint application files in case they have changed. So when the AFL forkserver spawns a new process, all files are reverted to their initial condition.
Hi,
I have done the experiment as in the tutorial, but only about 78 paths were detected after 24 hours of fuzzing, and the heartbleed vulnerability was not detected either.
The process is as follows:
Regards,
xiaosatianyu
There isn't time to cover it in the typical 4hr format, but people might find it valuable to have in the materials to work on after or if they're doing it offline.
In the readme there is a line "There is extra information in the speaker notes". But actually it has only slides. And there is no option to open speaker notes.
If we write the harness as in the example https://github.com/mykter/afl-training/tree/main/harness#arbitrary-input-formats
the harness can tell which case to run based on the 1st parameter.
In these circumstances, how do we make the harness read from an input file? If we write "echo" and "mul" in the seed file, AFL will mutate "echo" and "mul" as well. If we just write the parameters in the seed file, how does the harness know whether lib_echo or mul should be called?