
Introduction to Fuzzing with AFL

Ayush Priya
November 16, 2021

This talk is an introduction to using AFL or American Fuzzy Lop to fuzz binaries.

Transcript

1. What am I learning?
   • What is fuzzing and fuzzers?
   • What is AFL?
   • How to use AFL?

2. Why am I learning this?
   • Discover undiscovered bugs
   • Build a robust approach to development
   • (Maybe make some money)

3. What is Fuzzing?
   • A form of testing
   • Random invalid input
   • Behaviour analysis

4. Why fuzz at all?
   • Unique test cases
   • Eliminates methodology bias
   • Metrics - Code Coverage, Path Coverage

5. Prerequisites
   • GCC, Clang
   • GDB, Exploitable
   • Screen
   • libtool-bin, automake, bison, libglib2.0-dev, qemu

6. AFL Workflow
   • Compiling the binary with AFL's compilers
   • Building a Test Corpus
   • Running AFL on the target binary
   • Analyse findings

7. Compiling with AFL
   $ export CC=afl-clang-fast
   $ export AFL_HARDEN=1
   $ export AFL_INST_RATIO=100
   $ ./configure
   $ make

8. Fuzzing with source
   • Build binary from source with AFL
   • Add test cases to afl_in
   • Fuzz!
   $ afl-fuzz -i in/ -o out/ -- ./bin @@
9. Parallel Fuzzing
   • One core per fuzzer
   • Check free cores
   $ afl-fuzz -i in -o out -M f1 -- ./bin @@
   $ afl-fuzz -i in -o out -S f2 -- ./bin @@
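The build-and-launch steps of slides 6 to 9 wrapped into one script, as an added example that is not part of the deck. It assumes, like the slides, a target that builds with ./configure && make, a seed corpus in in/, findings in out/, and a binary ./bin that takes its input as a file argument (the @@ placeholder afl-fuzz replaces with the test-case path). The DRY_RUN switch, the screen session names and the core-count fallback are this example's own additions.

```shell
#!/bin/sh
# Added example (not from the deck): build a target with AFL's instrumenting
# compiler, then launch one afl-fuzz instance per core, the first as the main
# fuzzer (-M) and the rest as secondaries (-S) syncing through the same out/.
# Set DRY_RUN=1 to print the launch commands instead of running them.
set -eu

TARGET_BIN="${TARGET_BIN:-./bin}"   # assumed target path, as on the slides
IN_DIR="${IN_DIR:-in}"
OUT_DIR="${OUT_DIR:-out}"

# Cores on this box; AFL wants one core per fuzzer, so this is the upper bound.
core_count() {
    nproc 2>/dev/null || getconf _NPROCESSORS_ONLN 2>/dev/null || echo 1
}

# The environment slide 7 sets before ./configure && make: AFL's clang wrapper,
# a hardened build (extra runtime checks so memory bugs fail fast) and
# instrumentation of every branch (100 %).
afl_build() {
    export CC=afl-clang-fast
    export AFL_HARDEN=1
    export AFL_INST_RATIO=100
    ./configure && make
}

# Print the afl-fuzz command line for instance number $1: instance 1 is the
# main (-M) fuzzer, every other one a secondary (-S) fuzzer.
afl_cmd() {
    idx=$1
    if [ "$idx" -eq 1 ]; then mode="-M"; else mode="-S"; fi
    printf 'afl-fuzz -i %s -o %s %s f%s -- %s @@\n' \
        "$IN_DIR" "$OUT_DIR" "$mode" "$idx" "$TARGET_BIN"
}

# Launch $1 instances (default: one per core), capped at the core count, each
# detached in its own screen session afl-fN (reattach with: screen -r afl-f2).
afl_launch() {
    want="${1:-$(core_count)}"
    have=$(core_count)
    if [ "$want" -gt "$have" ]; then
        echo "requested $want fuzzers but only $have cores; capping at $have" >&2
        want=$have
    fi
    i=1
    while [ "$i" -le "$want" ]; do
        cmd=$(afl_cmd "$i")
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "screen -dmS afl-f$i $cmd"
        else
            screen -dmS "afl-f$i" $cmd
        fi
        i=$((i + 1))
    done
}

# Usage: ./afl-run.sh build      (instrumented build)
#        ./afl-run.sh fuzz [N]   (start N fuzzers, default one per core)
case "${1:-}" in
    build) afl_build ;;
    fuzz)  afl_launch "${2:-}" ;;
esac
```

Run `DRY_RUN=1 ./afl-run.sh fuzz 4` first to see the exact commands; only instance 1 gets -M, and asking for more fuzzers than cores is capped rather than oversubscribing the machine, which is what slows every instance down.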
10. GDB and Exploitable
   • Open binary with GDB
   • Choose a crash case
   • Run test case
   • Classify with Exploitable
11. Optimising Fuzzing
   • Execution Speed, Fail Fast
   • Isolate test code
   • Minimise test cases
   • Minimise test files