Practical Guide to Fuzzing Programs with AFL

Fuzzing a Real Program With AFL
 
Let’s Fuzz NASM
NASM: Netwide Assembler
Chosen because
Source code is readily available
Compiles quickly and easily
Simple enough to create test cases
Complex enough to give us lots to fuzz
Code is a bit rough (Might find real 0days! :) )
Obtain AFL
Download the latest build
wget http://lcamtuf.coredump.cx/afl/releases/afl-latest.tgz
Extract it
tar xzvf afl-latest.tgz
Build it
cd afl-[version]/
make
Obtain NASM
Download
git clone https://github.com/letolabs/nasm.git
Build with AFL
cd nasm
./autogen.sh
CC=/path/to/afl-gcc ./configure
make
Create Some Samples
mkdir in out
nano in/1.asm in/2.asm in/3.asm ...
Optional: Minimize Your Samples
for F in $(ls in/); do
  /path/to/afl-tmin -i in/$F -o in/$F.min \
    /path/to/nasm -f elf -o /dev/null @@
done
Start The Fuzzer
/path/to/afl-fuzz -i in -o out \
/path/to/nasm -f elf -o /dev/null @@
Good Luck!
This can take days... weeks... years...
Let it complete at least 25 cycles
If it’s taking too long, shrink your samples
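The deck's steps 5 through 7 (write seeds, minimize them, start afl-fuzz) collected into one driver script. This is an added example, not part of the original slides and not code from the AFL or NASM projects: `AFL_DIR` and `NASM_BIN` are assumed paths to your own builds, the three seed files are constructed here, and the afl-tmin/afl-fuzz invocations only run when the script is invoked with `run`. It also adds the check a practitioner wants before committing days of CPU time: that the nasm binary really was built through afl-gcc.

```shell
#!/bin/sh
# Added example: drives the deck's steps 5-7 (seeds, afl-tmin, afl-fuzz).
# AFL_DIR and NASM_BIN are assumptions; point them at your own build.
set -e

AFL_DIR="${AFL_DIR:-/path/to/afl}"           # dir where `make` left afl-fuzz and afl-tmin
NASM_BIN="${NASM_BIN:-/path/to/nasm/nasm}"   # nasm built with CC=/path/to/afl-gcc

# Step 5: write three small, distinct seeds (constructed here). AFL mutates
# these, so several tiny files that hit different parser paths beat one big one.
make_seeds() {
    seed_dir="$1"
    mkdir -p "$seed_dir"
    # code section, a label and a short jump
    printf 'section .text\nglobal _start\n_start:\n  mov eax, 1\n  jmp _start\n' > "$seed_dir/1.asm"
    # data directives, an expression and a bss reservation
    printf 'section .data\nmsg db "hi", 0\nlen equ $ - msg\nsection .bss\nbuf resb 16\n' > "$seed_dir/2.asm"
    # a macro, so the preprocessor is exercised as well
    printf '%%macro ret_n 1\n  mov eax, %%1\n  ret\n%%endmacro\nsection .text\nf:\n  ret_n 7\n' > "$seed_dir/3.asm"
}

# Pre-flight check: a binary compiled through afl-gcc contains the string
# __AFL_SHM_ID (afl-fuzz looks for the same marker). A plain gcc build accepts
# the same arguments but gives afl-fuzz no coverage feedback at all.
is_afl_instrumented() {
    tr -d '\000' < "$1" | grep -q '__AFL_SHM_ID'
}

# Step 6: minimize each seed into a separate directory, so afl-fuzz is not
# handed both the original and its .min copy as in the deck's loop.
minimize_seeds() {
    src="$1"
    dst="$2"
    mkdir -p "$dst"
    for f in "$src"/*.asm; do
        "$AFL_DIR/afl-tmin" -i "$f" -o "$dst/$(basename "$f")" \
            -- "$NASM_BIN" -f elf -o /dev/null @@
    done
}

# Step 7: the same afl-fuzz command as the deck; @@ is replaced by each test case path.
run_fuzzer() {
    "$AFL_DIR/afl-fuzz" -i "$1" -o "$2" -- "$NASM_BIN" -f elf -o /dev/null @@
}

main() {
    if ! is_afl_instrumented "$NASM_BIN"; then
        echo "$NASM_BIN is not afl-gcc instrumented; rebuild with CC=$AFL_DIR/afl-gcc ./configure" >&2
        return 1
    fi
    make_seeds in
    minimize_seeds in in.min
    mkdir -p out
    run_fuzzer in.min out
}

# Only fuzz when explicitly asked, so the functions can be sourced and tested.
if [ "${1:-}" = run ]; then
    main
fi
```

Usage: `AFL_DIR=~/afl-2.52b NASM_BIN=~/nasm/nasm sh fuzz-nasm.sh run` (the version in the path is only an illustration). Minimized seeds go to `in.min/` rather than back into `in/`, a deliberate departure from the deck's loop: feeding afl-fuzz both a seed and its minimized twin wastes the initial dry run and the early queue on near-duplicate inputs.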

Explore the process of fuzzing a real program using American Fuzzy Lop (AFL) with NASM, a popular Netwide Assembler. Learn how to obtain AFL and NASM, create test samples, minimize samples, start the fuzzer, and receive tips for successful fuzzing. Embrace the journey that may take days, weeks, or even years to complete.

  • Fuzzing
  • AFL
  • NASM
  • Netwide Assembler
  • Security

Uploaded on Sep 14, 2024 | 2 Views


