Lock in $30 Savings on PRO—Offer Ends Soon! ⏳

Introduction to Fuzzing with AFL

Avatar for Ayush Priya Ayush Priya
November 16, 2021
Technology
0
33

Introduction to Fuzzing with AFL

This talk is an introduction to using AFL or American Fuzzy Lop to fuzz binaries.

Avatar for Ayush Priya

Ayush Priya

November 16, 2021
Tweet

More Decks by Ayush Priya

See All by Ayush Priya
Scrubbing PII from Logs in LogStash
Avatar for Ayush Priya ayushpriya10
0
810
Introduction to Deserialization Attacks
Avatar for Ayush Priya ayushpriya10
2
670
Web Assembly for Hackers
Avatar for Ayush Priya ayushpriya10
0
52

Other Decks in Technology

See All in Technology
useEffectってなんで非推奨みたいなこと言われてるの?
Avatar for マグロ隊長kinTV maguroalternative
9
6.2k
Noを伝える技術2025: 爆速合意形成のためのNICOフレームワーク速習 #pmconf2025
Avatar for Aki / @LoveIdahoBurger aki_iinuma
2
1k
なぜフロントエンド技術を追うのか?なぜカンファレンスに参加するのか?
Avatar for sakito sakito
9
1.9k
Symfony AI in Action
Avatar for Christopher Hertel el_stoffel
2
370
その設計、 本当に価値を生んでますか?
Avatar for akshimo shimomura
2
180
Digitization部 紹介資料
Avatar for Sansan, Inc. sansan33
PRO
1
6.1k
日本Rubyの会の構造と実行とあと何か / hokurikurk01
Avatar for Masayoshi Takahashi takahashim
2
410
Multimodal AI Driving Solutions to Societal Challenges
Avatar for Semantic Machine Intelligence Lab., Keio Univ. keio_smilab
PRO
1
120
履歴テーブル、今回はこう作りました 〜 Delegated Types編 〜 / How We Built Our History Table This Time — With Delegated Types
Avatar for moznion moznion
15
9.4k
知っていると得する!Movable Type 9 の新機能を徹底解説
Avatar for hayase masakah
0
200
Docker, Infraestructuras seguras y Hardening
Avatar for José Juan Sánchez Hernández josejuansanchez
0
150
【5分でわかる】セーフィー エンジニア向け会社紹介
Avatar for Safie safie_recruit
0
37k

Featured

See All Featured
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
Avatar for Sam Stephenson sstephenson
162
15k
Become a Pro
Avatar for Speaker Deck speakerdeck
PRO
30
5.7k
How STYLIGHT went responsive
Avatar for nonsquared nonsquared
100
5.9k
Building an army of robots
Avatar for Kyle Neath kneath
306
46k
The World Runs on Bad Software
Avatar for Brandon Keepers bkeepers
PRO
72
12k
We Have a Design System, Now What?
Avatar for Morgane Peng morganepeng
54
7.9k
The Language of Interfaces
Avatar for Des Traynor destraynor
162
25k
Performance Is Good for Brains [We Love Speed 2024]
Avatar for Tammy Everts tammyeverts
12
1.3k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
Avatar for Stéphanie Walter stephaniewalter
285
14k
Optimising Largest Contentful Paint
Avatar for Harry Roberts csswizardry
37
3.5k
Building Applications with DynamoDB
Avatar for Matt Wood mza
96
6.8k
How To Stay Up To Date on Web Technology
Avatar for Chris Coyier chriscoyier
791
250k

Transcript

  1. Introduction to fuzzing with AFL

  2. Ayush Priya VIT, Vellore @ayushpriya10 https://ayushpriya.com https://www.linkedin.com/in/ayushpriya10

  3. What am I learning? • What is fuzzing and fuzzers?

    • What is AFL? • How to use AFL?

  4. Why am I learning this? • Discover undiscovered bugs •

    Build a robust approach to development • (Maybe make some money)

  5. What is Fuzzing? • A form of testing • Random

    invalid input • Behaviour analysis

  6. "You can find bugs in your sleep." - Craig Young

  7. Why fuzz at all? • Unique test cases • Eliminates

    methodology bias • Metrics - Code Coverage, Path Coverage

  8. Types of fuzzers • Mutational • Grammar • Feedback-based

  9. Introduction to AFL • Open-source • Smart fuzzer: PoC -

    “Hello JPG”

  10. Prerequisites • GCC, CLang • GDB, Exploitable • Screen •

    Libtool-bin, automake, bison, libglib2.0-dev, qemu

  11. Installation • Install AFL • Enable LLVM mode • Enable

    QEMU mode

  12. AFL Workflow • Compiling the binary with AFL’s compilers •

    Building a Test Corpus • Running AFL on the target binary • Analyse findings

  13. Compiling with AFL $ export CC=afl-clang-fast $ export AFL_HARDEN=1 $

    export AFL_INST_RATIO=100 $ ./configure $ make

  14. Building Test Corpus • Supplying test case(s) $ cp /bin/ps

    afl_in/

  15. Fuzzing with source • Build binary from source AFL •

    Add test cases to afl_in • Fuzz! $ afl-fuzz -i in/ -o out/ -- ./bin @@

  16. Parallel Fuzzing • One core per fuzzer • Check free

    cores $ afl-fuzz -i in -o out -M f1 -- ./bin @@ $ afl-fuzz -i in -o out -S f2 -- ./bin @@

  17. Output Structure • One folder per fuzzer • /crashes, /hangs,

    /queue

  18. Analysing AFL Screen

  19. Hands-on • Clone fuzzgoat • Compile with AFL • Fuzz

    in parallel • Check status

  20. GDB and Exploitable • Open binary with GDB • Choose

    a crash case • Run test case • Classify with Exploitable

  21. Optimising Fuzzing • Execution Speed, Fail Fast • Isolate test

    code • Minimise test cases • Minimise test files

  22. Fuzzing a binary without source • Linux binaries • AFL’s

    QEMU Mode

  23. Limitations of AFL • Supports file/STDIN input • Supports selective

    binaries • Supports selective OSs

  24. Thanks!