Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Introduction to Fuzzing with AFL
Search
Ayush Priya
November 16, 2021
Technology
0
31
Introduction to Fuzzing with AFL
This talk is an introduction to using AFL or American Fuzzy Lop to fuzz binaries.
Ayush Priya
November 16, 2021
Tweet
Share
More Decks by Ayush Priya
See All by Ayush Priya
Scrubbing PII from Logs in LogStash
ayushpriya10
0
790
Introduction to Deserialization Attacks
ayushpriya10
2
650
Web Assembly for Hackers
ayushpriya10
0
49
Other Decks in Technology
See All in Technology
Language Update: Java
skrb
1
130
努力家なスクラムマスターが陥る「傍観者」という罠と乗り越えた先に信頼があった話 / 20250830 Takahiro Sasaki
shift_evolve
PRO
2
130
Kubernetes における cgroup driver のしくみ: runwasi の bugfix より
z63d
2
110
ソフトウェア エンジニアとしての 姿勢と心構え
recruitengineers
PRO
26
12k
シークレット管理だけじゃない!HashiCorp Vault でデータ暗号化をしよう / Beyond Secret Management! Let's Encrypt Data with HashiCorp Vault
nnstt1
2
130
攻撃と防御で実践するプロダクトセキュリティ演習~導入パート~
recruitengineers
PRO
3
1.7k
Browser
recruitengineers
PRO
8
2.1k
ヒューリスティック評価を用いたゲームQA実践事例
gree_tech
PRO
0
420
ZOZOマッチのアーキテクチャと技術構成
zozotech
PRO
2
1.1k
Skrub: machine-learning with dataframes
gaelvaroquaux
0
100
AWSで推進するデータマネジメント
kawanago
0
770
TypeScript入門
recruitengineers
PRO
34
11k
Featured
See All Featured
What’s in a name? Adding method to the madness
productmarketing
PRO
23
3.6k
Stop Working from a Prison Cell
hatefulcrawdad
271
21k
The Power of CSS Pseudo Elements
geoffreycrofte
77
5.9k
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
How to Ace a Technical Interview
jacobian
279
23k
Statistics for Hackers
jakevdp
799
220k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
9
790
Mobile First: as difficult as doing things right
swwweet
224
9.9k
The Straight Up "How To Draw Better" Workshop
denniskardys
236
140k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
507
140k
Balancing Empowerment & Direction
lara
3
600
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
48
9.7k
Transcript
Introduction to fuzzing with AFL
Ayush Priya VIT, Vellore @ayushpriya10 https://ayushpriya.com https://www.linkedin.com/in/ayushpriya10
What am I learning? • What is fuzzing and fuzzers?
• What is AFL? • How to use AFL?
Why am I learning this? • Discover undiscovered bugs •
Build a robust approach to development • (Maybe make some money)
What is Fuzzing? • A form of testing • Random
invalid input • Behaviour analysis
"You can find bugs in your sleep." - Craig Young
Why fuzz at all? • Unique test cases • Eliminates
methodology bias • Metrics - Code Coverage, Path Coverage
Types of fuzzers • Mutational • Grammar • Feedback-based
Introduction to AFL • Open-source • Smart fuzzer: PoC -
“Hello JPG”
Prerequisites • GCC, CLang • GDB, Exploitable • Screen •
Libtool-bin, automake, bison, libglib2.0-dev, qemu
Installation • Install AFL • Enable LLVM mode • Enable
QEMU mode
AFL Workflow • Compiling the binary with AFL’s compilers •
Building a Test Corpus • Running AFL on the target binary • Analyse findings
Compiling with AFL $ export CC=afl-clang-fast $ export AFL_HARDEN=1 $
export AFL_INST_RATIO=100 $ ./configure $ make
Building Test Corpus • Supplying test case(s) $ cp /bin/ps
afl_in/
Fuzzing with source • Build binary from source AFL •
Add test cases to afl_in • Fuzz! $ afl-fuzz -i in/ -o out/ -- ./bin @@
Parallel Fuzzing • One core per fuzzer • Check free
cores $ afl-fuzz -i in -o out -M f1 -- ./bin @@ $ afl-fuzz -i in -o out -S f2 -- ./bin @@
Output Structure • One folder per fuzzer • /crashes, /hangs,
/queue
Analysing AFL Screen
Hands-on • Clone fuzzgoat • Compile with AFL • Fuzz
in parallel • Check status
GDB and Exploitable • Open binary with GDB • Choose
a crash case • Run test case • Classify with Exploitable
Optimising Fuzzing • Execution Speed, Fail Fast • Isolate test
code • Minimise test cases • Minimise test files
Fuzzing a binary without source • Linux binaries • AFL’s
QEMU Mode
Limitations of AFL • Supports file/STDIN input • Supports selective
binaries • Supports selective OSs
Thanks!