Questions tagged [american-fuzzy-lop]

american fuzzy lop (AFL) is a security-oriented fuzzer that uses genetic algorithms to efficiently increase the code coverage reached by its test cases. Questions using this tag should be about the use of american-fuzzy-lop or the development of code that interfaces with it.

Additional reading: https://en.wikipedia.org/wiki/American_fuzzy_lop_(fuzzer)

Project's website: http://lcamtuf.coredump.cx/afl

41 questions
1 vote, 1 answer

How to compile openssl with afl-gcc

I need to compile openssl version 1.0.1f with afl-fuzz and then use it in an application to find the heartbleed bug. What I have done so far: go to the openssl1.0.1f directory and run the following command ./config CC="afl-gcc" CXX="afl-g++" ./config no-shared…
aneela • 1,457 • 3 • 24 • 45
1 vote, 1 answer

compiled with afl-gcc - No instrumentation detected

I want to fuzz my application with afl, but after replacing gcc with afl-gcc I still get the error: [-] PROGRAM ABORT : No instrumentation detected. I have created a simple C program to debug the issue: #include #include…
user1273684 • 1,559 • 15 • 24
0 votes, 0 answers

How to record each output during fuzzing?

I would like to record the output corresponding to each input during fuzzing, and when it is not equal to a specific value (instead of crashing), raise the fitness of the corresponding input. However, I have searched the current mainstream…
ShawWu • 1
0 votes, 0 answers

How to ignore the coverage for the harness in AFL++

I am using AFL++ to fuzz a program that includes harness code that is not part of the actual target. I want to exclude the coverage of the harness from AFL++, so that the generated test inputs only cover the relevant parts of the target…
Maray97 • 140 • 1 • 11
0 votes, 1 answer

AFL only explores 1 path and nothing more! (last new path : none yet (odd, check syntax!))

I am using AFL (version 2.57b) in a docker container (on Ubuntu 20.04) to fuzz several C programs. But the problem is, whenever I fuzz a program it does not explore more than 1 path and the output is something like this: the AFL output -- running In…
amdeilami • 1 • 2
0 votes, 0 answers

How do I call the AFL code coverage test module separately

I have a problem when using AFL: as we all know, AFL first mutates a test case, and then uses the mutated test cases to get code coverage. Now I have a question: how to use the code coverage module alone without the mutation module? I checked the official…
malu • 11 • 1
0 votes, 1 answer

Why is AFL not catching a simple Memory error?

I am quite new to the AFL tool and read their quickstart guide. While the Klee tool can detect the following bug, it seems like AFL is unable to catch it. Could someone please tell me why that is the case? #include int get_sign(int x) { …
desert_ranger • 1,096 • 3 • 13 • 26
0 votes, 1 answer

Firmware AFL++ fuzzing fails

I want to do IoT firmware fuzzing with AFL++ on a Linux system https://blog.attify.com/fuzzing-iot-devices-part-1/ I have done the setup according to that link. When I run sudo QEMU_LD_PREFIX=./squashfs-root/ ../AFLplusplus/afl-fuzz -Q -i input-xml/…
saman naz • 53 • 12
0 votes, 0 answers

AFL-Fuzz - Odd, Check Syntax! - How to add command line arguments to a binary?

I am attempting to fuzz a proprietary binary with no source code that accepts a config file. So the typical use case would be: ./File --config file.config The config is a bunch of different parameters that are required to run the rest of the…
0 votes, 1 answer

AFL-fuzz not finding any crashes

I am trying AFL for the first time, and for that reason I found a very simple vulnerable C code that I could use to test AFL. The C code in question is #include #include int main(int argc, char * argv[]){ char…
Snox • 580 • 1 • 10 • 24
0 votes, 1 answer

Modifying AFL to include a new variable for the Fuzzer to consider in seed selection

I am looking to understand how AFL implements its seed selection. To my understanding, afl-fuzz.c has a function called has_new_bits which returns values identifying whether the result of an input creates a new path, a new edge, or if it is not an…
l0j0 • 41 • 4
0 votes, 1 answer

Fuzz web application with AFL++ and record the error message

I am working on Linux. What I want to do is to fuzz a web application with afl++. My goal is not to find the risk of XSS/CSRF... (I think I can use ZAP or Burp to handle that.) I am focusing on what kind of input will cause a 'crash'. At the same time,…
desionxxx • 21 • 3
0 votes, 2 answers

Why can't afl-g++ compile ImageMagick?

I'm trying to experiment with some fuzz testing with the tool afl (link). I downloaded the source code of ImageMagick as described in the docs, but when I try to run ./configure with the afl compiler I get an error: $ CC=/usr/local/bin/afl-gcc…
Francesco • 897 • 8 • 22
0 votes, 1 answer

AFL "(odd, check syntax!)"

I am trying to fuzz pngquant using AFL and noticed that I am seeing the odd, check syntax! warning. A previous answer says that AFL is probably not reading the input file I specified. I am able to invoke pngquant by providing the png file located in…
Keanu • 49 • 6
0 votes, 1 answer

Pytest6 and Python2? How to get them together?

I have a couple of questions about QSYM and master-slave in AFL. export AFL_ROOT="/workdir/afl-2.52b" export INPUT="/workdir/example/input" export OUTPUT="/workdir/example/output" export AFL_CMDLINE="/workdir/example/test.bin @@" $AFL_ROOT/afl-fuzz -S…
I have a couple questions about QSYM and master-slave in AFL. export AFL_ROOT="/workdir/afl-2.52b" export INPUT="/workdir/example/input" export OUTPUT="/workdir/example/output" export AFL_CMDLINE="/workdir/example/test.bin @@" $AFL_ROOT/afl-fuzz -S…