Latest revision as of 21:40, 16 April 2017

Link to more information: https://necurity.co.uk/netsec/2015/03/30/Fun-With-AFL.html#sthash.h9Aurb7C.dpbs

American fuzzy lop is a program for Fuzzing. It is very sophisticated and can be instrumented with a binary to do very targeted fuzzing.

Installing

Get the latest version, and run make to make it:

$ wget http://lcamtuf.coredump.cx/afl/releases/afl-latest.tgz 
$ tar -xvf afl-latest.tgz cd afl-latest.tgz
$ cd afl-*
$ make 
$ make install

Success!

root@morpheus:~/codes/afl-2.10b# which afl-fuzz
/usr/local/bin/afl-fuzz

Fuzzing a Program

Programs that can be fuzzed are those that take input files, usually binary files or unusual formats. (Think mp3, multimedia, images, etc.)

wget http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.1.6.tar.gz 
tar -xvf libressl-2.1.6.tar.gz cd libressl-2.1.6/ 
CC=~/afl/afl-1.57b/afl-gcc ./configure 
make check 
mkdir /root/testing 
export DESTDIR=/root/testing/ 
make install

Links

Nice overview and tutorial to causing and exploring program crashes: http://necurity.co.uk/netsec/2015-03-26-Fun-With-AFL/#sthash.h9Aurb7C.dpbs

Flags

@@ Line 1: / Line 1: @@
-Fuzzer
+Link to more information: https://necurity.co.uk/netsec/2015/03/30/Fun-With-AFL.html#sthash.h9Aurb7C.dpbs
-https://necurity.co.uk/netsec/2015/03/30/Fun-With-AFL.html#sthash.h9Aurb7C.dpbs
+American fuzzy lop is a program for [[Fuzzing]]. It is very sophisticated and can be instrumented with a binary to do very targeted fuzzing.
-=About=
-American fuzzy lop is a program for fuzzing inputs. It is very sophisticated and can be instrumented with a binary to do very targeted fuzzing.
 =Installing=
@@ Line 30: / Line 26: @@
 Programs that can be fuzzed are those that take input files, usually binary files or unusual formats. (Think mp3, multimedia, images, etc.)
-We'll be fuzzing [[John the Ripper]] to understand how AFL works.
+<pre>
+wget http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.1.6.tar.gz
+tar -xvf libressl-2.1.6.tar.gz cd libressl-2.1.6/
+CC=~/afl/afl-1.57b/afl-gcc ./configure
+make check
+mkdir /root/testing
+export DESTDIR=/root/testing/
+make install
+</pre>
-==Compiling John the Ripper==
+[[Image:AmericanFuzzyLoop1.png|500px]]
-We want to download and compile John so that it will be instrumented.
+[[Image:AmericanFuzzyLoop2.png|500px]]
-===Dependencies===
+=Links=
-Start with dependencies - OpenSSL development libs:
+Nice overview and tutorial to causing and exploring program crashes: http://necurity.co.uk/netsec/2015-03-26-Fun-With-AFL/#sthash.h9Aurb7C.dpbs
-<pre>
+=Flags=
-# apt-get install --fix-missing libssl-dev
-</pre>
-===Get John the Ripper===
-<pre>
+{{FuzzingFlag}}
-# git clone git@github.com:magnumripper/JohnTheRipper.git
-# cd JohnTheRipper/src
-# ./configure --help
-</pre>
-===Compile John the Ripper===
+{{KaliFlag}}

American Fuzzy Lop: Difference between revisions

From charlesreid1

Latest revision as of 21:40, 16 April 2017

Contents

Installing

Fuzzing a Program

Links

Flags