GithubHelp home page GithubHelp logo

afl-fuzzing-demos's Introduction

afl fuzzing demos

afl or american fuzzy lop has been getting a lot of buzz recently. So let's have a go at fuzzing things with afl and python-afl

Installing Fuzzing Tools

Approach

Usage of afl (without python-afl) (docs):

  • afl-fuzz -i testcase_dir -o findings_dir /path/to/program [...params...]

Note: upon first run, you may be advised to take certain actions to ensure afl's performance is reasonable

Usage of python-afl (docs):

  • Add this code (ideally, after all other modules are already imported) to the target program:
    import afl
    afl.start()

  • Use py-afl-fuzz instead of afl-fuzz:

    `$ py-afl-fuzz [options] -- /path/to/fuzzed/python/script [...]`compound

Fuzzing Python's JSON library

assuming a layout:

python-afl/
└── py-afl-fuzz
afl-fuzzing-demos/
├── json
│   ├── afl_findings/
│   ├── afl_testcases/
│   ├── demo.py
│   └── README.md
└── README.md
  • cd afl-fuzzing-demos
  • ../python-afl/py-afl-fuzz -i json/afl_testcases/ -o json/afl_findings/ -- python json/demo.py

I'm using some very basic testcases to get the fuzzer started, e.g. {"a":true} & {"1":2}, this should start it off with basic json syntax and it'll mutate from there.

Note: afl makes constant reads & writes to the file system, so if you're running on an SSD it's a good idea to replace the output directory with an in-memory RAM disk folder. E.g. on debian based systems, the shared memory directory /run/shm/. But obviously remember, the results won't survive a reboot, so copying the results out like this might be best:

mkdir -p /run/shm/json/afl_findings

../python-afl/py-afl-fuzz \
    -i json/afl_testcases/ \
    -o /run/shm/json/afl_findings \
    -- python json/demo.py; cp -r /run/shm/json/afl_findings json/

When you're finished, Ctrl-C and see what you come up with in json/afl_findings. You'll start to see output after a few seconds, but it's usual to leave a fuzzer running for a few days or more.

Console after all night fuzzing

image

bidict

fuzzing by script

mkdir -p /run/shm/bidict/afl_findings

../python-afl/py-afl-fuzz \
    -i bidict/afl_testcases/ \
    -o /run/shm/bidict/afl_findings \
    -- python bidict/fuzz_script.py; cp -r /run/shm/bidict/afl_findings bidict/

try running outputs against script:

for f in bidict/afl_findings/hangs/id*; do cat $f | python bidict/fuzz_script.py; done

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.