I am working on Linux. What I want to do is to fuzz a web application with afl++. My goal is not to find the risk of XSS/CSRF... (I think I can use ZAP or Burp to handle that.) I am focusing on what kind of input will cause a 'crash'. At the same time, the error message of the crash can be recorded for further analysis.

I have read some articles about this; it seems that the afl fuzzer needs to work via a socket and that one has to modify the source code of the web application. However, in my case I don't want to modify the source code. I want a more general solution.

Fuzz Target: web application binary (e.g. httpd)

Main Goal: Crash samples & Error log of crashes

I am really new to this area. Please give me some help :)

desionxxx
1 Answer

If you want to perform fuzzing with AFL++ and sockets, you need to modify the source code of the program that you want to fuzz, adapting it to pass the test case files as a buffer to the socket. Or use a fork of AFL++ which allows sockets.

Thus, the steps could be:

  1. Modify the source code of httpd, adapting it to AFL++.
  2. Compile with AFL++.
  3. Create the test cases (and/or add a dictionary).
  4. Fuzz (and profit).

AFL++ can work without instrumentation, but in my opinion, for your purpose, it is better if you use a network protocol fuzzer (e.g. boofuzz). Even for web applications you have Burp Suite (Turbo Intruder is a very good plugin) or ZAP (as you said).

sinkmanu
  • Thank you for replying. There are some works on protocol fuzzers, but I can't find one for web application 'crashes'. I expect it should be a buffer overflow or command injection risk. – desionxxx Jan 13 '21 at 01:03
  • I am trying not to recompile the source code, so I want to use the qemu mode of AFL++. – desionxxx Jan 13 '21 at 01:06
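A worked illustration of steps 1 and 2 of the answer (the "adapt the server to take the test case as a buffer instead of from a socket" change), added here as an example; it is not code from the answer, from httpd, or from AFL++. Everything in it is constructed: the toy request-line parser, the names handle_request and fuzz_one_input, and the deliberately unchecked copy behind the hypothetical FUZZ_DEMO_UNSAFE macro stand in for whatever per-connection code the real server has. The harness shape is the part that carries over: the function the server normally calls with the bytes recv() returned is called with the fuzzer's input read from stdin, so afl-fuzz needs no socket at all.

```c
/* Added example: AFL++ harness pattern for a socket-based server.
 * Hypothetical toy server code; not httpd and not part of AFL++.
 * Build:  afl-clang-fast -g -o harness harness.c
 * Fuzz:   afl-fuzz -i testcases -o findings -- ./harness
 * afl-fuzz feeds each test case on stdin; crashing inputs are written
 * under findings/default/crashes/ and can be replayed with
 *   ./harness < <crash file>
 * to capture the error output for analysis. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_REQ 4096   /* largest request the harness will read */

enum req_status {
    REQ_OK = 0, REQ_EMPTY = 1, REQ_BAD_LINE = 2,
    REQ_BAD_METHOD = 3, REQ_TOO_LONG = 4
};

struct request {
    char method[8];
    char path[256];
    char version[16];
};

/* Copy one token into a fixed-size field.
 * Hardened form: refuse anything that does not fit with its NUL.
 * Compile with -DFUZZ_DEMO_UNSAFE to get the unchecked copy (a constructed
 * bug): a long method or path then overruns the stack, which is exactly
 * the kind of "crash" input the fuzzer reports. */
static int copy_token(char *dst, size_t dstsz, const char *src, size_t n)
{
#ifdef FUZZ_DEMO_UNSAFE
    (void)dstsz;
    memcpy(dst, src, n);          /* constructed bug: no bound check */
    dst[n] = '\0';
    return 1;
#else
    if (n + 1 > dstsz)
        return 0;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 1;
#endif
}

/* Parse "METHOD SP PATH SP VERSION CRLF" from a raw request buffer.
 * Only the first line is looked at; headers after it are ignored. */
static enum req_status parse_request_line(const char *buf, size_t len,
                                          struct request *req)
{
    const char *end = memchr(buf, '\n', len);      /* bare LF accepted too */
    size_t line_len = end ? (size_t)(end - buf) : len;
    if (line_len > 0 && buf[line_len - 1] == '\r')
        line_len--;
    if (line_len == 0)
        return REQ_EMPTY;

    const char *p = buf, *stop = buf + line_len;
    const char *tok[3];
    size_t tlen[3];
    int ntok = 0;
    while (p < stop && ntok < 3) {
        const char *sp = memchr(p, ' ', (size_t)(stop - p));
        tok[ntok] = p;
        tlen[ntok] = sp ? (size_t)(sp - p) : (size_t)(stop - p);
        if (tlen[ntok] == 0)                       /* doubled space */
            return REQ_BAD_LINE;
        ntok++;
        p = sp ? sp + 1 : stop;
    }
    if (ntok != 3 || p != stop)                    /* wrong field count */
        return REQ_BAD_LINE;

    if (!copy_token(req->method, sizeof req->method, tok[0], tlen[0]) ||
        !copy_token(req->path, sizeof req->path, tok[1], tlen[1]) ||
        !copy_token(req->version, sizeof req->version, tok[2], tlen[2]))
        return REQ_TOO_LONG;

    if (strcmp(req->method, "GET") != 0 && strcmp(req->method, "HEAD") != 0 &&
        strcmp(req->method, "POST") != 0)
        return REQ_BAD_METHOD;
    return REQ_OK;
}

/* The server's per-connection entry point. In the real program this is
 * called with whatever recv() returned; the harness calls it with the
 * fuzzer's test case instead, so no socket is involved. */
enum req_status handle_request(const char *buf, size_t len)
{
    struct request req;
    return parse_request_line(buf, len, &req);
}

/* Harness: read one test case from a stream and hand it to the handler. */
enum req_status fuzz_one_input(FILE *in)
{
    static char buf[MAX_REQ];
    size_t len = fread(buf, 1, sizeof buf, in);
    return handle_request(buf, len);
}

int main(void)
{
    return (int)fuzz_one_input(stdin);
}
```

The same file also serves the QEMU-mode question from the comments: afl-fuzz -Q runs an uninstrumented binary, but it still delivers input on stdin or via a file path (@@), so a server that only ever reads from accept()/recv() needs either this kind of harness or an LD_PRELOAD shim that redirects socket reads to stdin (preeny's desock library is one commonly used option). Put a couple of valid requests in testcases/ as seeds, and pass a dictionary of HTTP tokens with -x to give the mutator the method and version strings.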