Fuzzer Reference
This page takes a more in-depth look at how to write fuzz harnesses for the languages supported and how to write build-steps and environment files.
This section details the provided AFL-based fuzzers.
Take a look at the AFL Documentation for details on how to use AFL itself.
To fuzz C/C++ based code, compile your code in build-steps with one of the following:
- /root/afl/afl-gcc
- /root/afl/afl-g++
- /root/afl/afl-clang
- /root/afl/afl-clang++
Or, to make use of AFL persistent mode (LLVM-based instrumentation; note that the harness must also wrap its work in an __AFL_LOOP() loop to get the persistent-mode speed-up, otherwise the binary behaves like an ordinary instrumented target):
- /root/afl/afl-clang-fast
- /root/afl/afl-clang-fast++
Then set the AFL_FUZZ variable in environment to /root/afl/afl-fuzz.
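The following is an added example of a C harness for the setup above; it is not code from the original page or from the image's authors. The target function (parse_records), the input and output directory names and the harness file name are hypothetical. The harness accepts its test case on stdin or, when afl-fuzz substitutes @@, from a file, and uses AFL's persistent-mode macros when built with afl-clang-fast while still compiling and running unchanged with afl-gcc, afl-clang or a plain compiler.

```c
/* harness.c: an AFL harness for a small length-prefixed record parser.
 * Build in build-steps with one of the compilers listed above, e.g.
 *   /root/afl/afl-clang-fast harness.c -o $BUILD_FILES/harness
 * and fuzz with /root/afl/afl-fuzz -i in -o out -- ./harness      (stdin)
 *            or /root/afl/afl-fuzz -i in -o out -- ./harness @@   (file)
 */
#include <fcntl.h>
#include <stdint.h>
#include <stdlib.h>
#include <unistd.h>

/* afl-clang-fast defines __AFL_HAVE_MANUAL_CONTROL, __AFL_INIT and
 * __AFL_LOOP. With any other compiler (including afl-gcc/afl-clang) these
 * fallbacks run the loop body exactly once, so the same source builds
 * either way. */
#ifndef __AFL_HAVE_MANUAL_CONTROL
#define __AFL_INIT() do { } while (0)
static int afl_fallback_once = 1;
#define __AFL_LOOP(n) (afl_fallback_once-- > 0)
#endif

#define MAX_INPUT (1u << 20)   /* 1 MiB cap; afl-fuzz inputs are far smaller */

/* Hypothetical code under test: a buffer of records, each a 1-byte length
 * followed by that many payload bytes. Returns the record count, or -1 when
 * a declared length runs past the end of the buffer. */
int parse_records(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int count = 0;
    while (off < len) {
        size_t n = buf[off++];
        if (n > len - off)
            return -1;          /* truncated record */
        off += n;
        count++;
    }
    return count;
}

/* Read the whole test case into buf: from the file at path when afl-fuzz
 * substitutes @@ with a file name, otherwise from stdin (fd 0). read(2) is
 * used rather than stdio so that afl-fuzz can rewind the descriptor between
 * persistent-mode iterations. Returns bytes read, or -1 on open failure. */
long read_input(const char *path, uint8_t *buf, size_t cap)
{
    int fd = 0;
    size_t total = 0;
    if (path) {
        fd = open(path, O_RDONLY);
        if (fd < 0)
            return -1;
    }
    while (total < cap) {
        ssize_t r = read(fd, buf + total, cap - total);
        if (r <= 0)
            break;
        total += (size_t)r;
    }
    if (path)
        close(fd);
    return (long)total;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : NULL;
    uint8_t *buf = malloc(MAX_INPUT);
    if (!buf)
        return 1;

    __AFL_INIT();               /* start the fork server after one-time setup */
    while (__AFL_LOOP(1000)) {  /* persistent mode: 1000 inputs per process */
        long n = read_input(path, buf, MAX_INPUT);
        if (n < 0)
            break;
        parse_records(buf, (size_t)n);
    }
    free(buf);
    return 0;
}
```

The compile line goes in build-steps and the afl-fuzz invocation is what AFL_FUZZ and AFL_BINARY in environment end up running; replace parse_records with a call into the library you actually want to test, keeping the one-time setup (allocation, library initialisation) before __AFL_INIT() so it is not repeated for every input.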
To fuzz Ruby code:
- Write a test harness, harness.rb, that takes input either via stdin or as a file and passes it to the code you wish to test.
- Set the AFL_BINARY variable in environment to ruby $BUILD_FILES/harness.rb.
- The Ruby binary in the Docker container has been instrumented with AFL (and ASAN, if specified in config) and will fuzz properly out of the box.
For C-based Ruby code, use the same compiler and fuzz binaries as the C/C++ instructions above.
COMING: short tutorial on how to create C-based Ruby test harnesses.
To fuzz Python code, follow the instructions on the python-afl page to set up your test harness.
Then set the AFL_FUZZ variable in environment to py-afl-fuzz, and the AFL_BINARY variable to python $BUILD_FILES/<your_harness>.py.
This section details the go-fuzz functionality.
Take a look at the go-fuzz documentation for details on how to use go-fuzz itself.
go-fuzz is provided in this image. Because the go-fuzz archive (the .zip produced by go-fuzz-build) contains compiled binaries, build it on this Docker image or a similar Linux distribution to ensure compatibility.
Then set GO_FUZZ_ZIP in environment to $BUILD_FILES/<go_fuzz_zip_name>.zip.