
Lesser-known features of afl-fuzz


AFL is designed to be simple to use, but it also has quite a few advanced, time-saving features that are easy to overlook. So, here are several useful tricks that aren't covered in the README:





  • Test case postprocessing: need to fix up checksums or length fields in a particular file format? AFL supports modular postprocessors that can take care of this for you. See experimental/post_library/ for sample code and other tips.
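As an added example (not code from AFL's experimental/post_library/), here is a postprocessor for a made-up record format with a length field and a 16-bit checksum, the kind of fields that would otherwise make a parser reject almost every mutated input before reaching interesting code. The `afl_postprocess()` entry point, and loading the resulting shared object through `AFL_POST_LIBRARY`, are assumed to follow the description in experimental/post_library/post_library.so.c; the record layout itself is constructed for the example.

```c
/* Added example, not code from AFL's experimental/post_library/. The
 * afl_postprocess() signature is assumed to match the one described in
 * experimental/post_library/post_library.so.c. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed format: 'R' 'E' | len16 (LE) | sum16 (LE) | payload[len].
 * sum16 is the byte-wise sum of the payload, mod 65536. A target that
 * rejects records with a bad length or sum would discard nearly every
 * mutation; fixing both fields here lets afl-fuzz reach the code behind
 * the check. Payloads longer than 65535 bytes wrap in the length field,
 * which is acceptable: the target should reject those anyway. */
#define HDR_LEN 6

uint16_t payload_sum(const unsigned char *p, size_t n) {
  uint32_t s = 0;
  for (size_t i = 0; i < n; i++) s += p[i];
  return (uint16_t)(s & 0xffff);
}

/* Buffer handed back to AFL; it must stay valid until the next call,
 * so it is kept in static storage and grown on demand. */
static unsigned char *out_buf;
static size_t out_cap;

const unsigned char *afl_postprocess(const unsigned char *in_buf, unsigned int *len) {
  /* Too short for a header, or wrong magic: hand the input back unchanged
   * so the target still sees (and rejects) malformed data occasionally. */
  if (*len < HDR_LEN || in_buf[0] != 'R' || in_buf[1] != 'E') return in_buf;

  if (*len > out_cap) {
    unsigned char *n = realloc(out_buf, *len);
    if (!n) return in_buf;          /* allocation failure: pass through */
    out_buf = n;
    out_cap = *len;
  }
  memcpy(out_buf, in_buf, *len);

  size_t plen = *len - HDR_LEN;
  uint16_t sum = payload_sum(out_buf + HDR_LEN, plen);
  out_buf[2] = plen & 0xff;
  out_buf[3] = (plen >> 8) & 0xff;
  out_buf[4] = sum & 0xff;
  out_buf[5] = (sum >> 8) & 0xff;
  return out_buf;                   /* *len is unchanged: same size record */
}
```

Build it as a shared object (for example `gcc -shared -fPIC -O2 post.c -o post.so`) and point `AFL_POST_LIBRARY` at it when starting afl-fuzz. Because the postprocessor only touches the two header fields, AFL's mutations of the payload still carry through unchanged; the length and checksum are simply made consistent with whatever the mutator produced.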



  • Deferred forkserver: stuck with a binary that initializes a lot of stuff before actually getting to the input data? When using clang, you can avoid this CPU overhead by instructing AFL to clone the process from an already-initialized image. It's simpler than it sounds - have a look at llvm_mode/README.llvm for advice.
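To show where the fork point goes, here is an added harness (not code from llvm_mode/README.llvm or from AFL itself). The `__AFL_HAVE_MANUAL_CONTROL` guard and the `__AFL_INIT()` macro are the ones afl-clang-fast provides according to that README; the slow setup step and the `process_input()` routine are constructed stand-ins for a real target's initialization and parsing code.

```c
/* Added example, not from llvm_mode/README.llvm. __AFL_INIT() is placed
 * after the expensive, input-independent setup and before the first read
 * of fuzzed data. Under a plain compiler the guard makes the call vanish,
 * so the harness still builds and runs normally. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static uint8_t xlat[256];

/* Stand-in for slow initialisation that does not depend on the input
 * (config parsing, loading dictionaries, ...): build a substitution table. */
void expensive_setup(void) {
  for (int i = 0; i < 256; i++) xlat[i] = (uint8_t)((i * 7) ^ 0x5a);
}

/* The code under test: translate the input and count bytes above 0x80.
 * Returns -1 on empty input so the caller can tell "no data" apart. */
int process_input(const uint8_t *buf, size_t n) {
  if (n == 0) return -1;
  int hits = 0;
  for (size_t i = 0; i < n; i++)
    if (xlat[buf[i]] > 0x80) hits++;
  return hits;
}

int main(void) {
  expensive_setup();             /* runs once, in the parent image */

#ifdef __AFL_HAVE_MANUAL_CONTROL
  __AFL_INIT();                  /* afl-fuzz clones the process from here */
#endif

  /* Everything that depends on the input must come after __AFL_INIT();
   * anything read before it would be frozen into every child. */
  uint8_t buf[4096];
  size_t n = fread(buf, 1, sizeof buf, stdin);
  printf("%d\n", process_input(buf, n));
  return 0;
}
```

The rule of thumb the README gives is that the fork point must sit before the program touches the fuzzed input and before it creates threads, opens descriptors it later relies on, or seeds randomness: state set up before `__AFL_INIT()` is shared by every execution, which is exactly what makes it fast and exactly what makes it wrong for anything input-dependent.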



  • Helpful stats: in addition to using afl-plot to generate pretty progress graphs, you can also directly parse <out_dir>/fuzzer_stats for machine-readable statistics on any background tasks. The afl-whatsup script is a simple demo of that.
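As an added example (not afl-whatsup, which is a shell script, and not code from AFL), here is a small parser for the `key : value` lines of `<out_dir>/fuzzer_stats` that pulls out a few fields and flags an instance whose stats file has stopped being refreshed. The field names used (`last_update`, `execs_per_sec`, `unique_crashes`, `paths_total`) are ones afl-fuzz writes; the sample text is constructed for the example, not captured from a run.

```c
/* Added example, not afl-whatsup. Parses fuzzer_stats-style text and
 * reports whether the instance looks stale. Sample input is constructed. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct stats {
  long last_update;        /* unix time of the last fuzzer_stats write */
  double execs_per_sec;
  long unique_crashes;
  long paths_total;
};

/* Returns 0 on success, -1 if any required field is missing. Unknown keys
 * are ignored, so fields added by newer AFL versions do not break it. */
int parse_fuzzer_stats(const char *text, struct stats *st) {
  int seen = 0;
  const char *line = text;
  while (*line) {
    const char *nl = strchr(line, '\n');
    size_t len = nl ? (size_t)(nl - line) : strlen(line);
    const char *colon = memchr(line, ':', len);
    if (colon) {
      /* key = run of non-space characters before the first colon; the
       * first colon is the separator even if the value (command_line)
       * contains more colons */
      size_t klen = 0;
      while (klen < (size_t)(colon - line) && line[klen] != ' ') klen++;
      const char *val = colon + 1;
      while (*val == ' ') val++;
      if (klen == 11 && !strncmp(line, "last_update", 11)) {
        st->last_update = atol(val);   seen |= 1;
      } else if (klen == 13 && !strncmp(line, "execs_per_sec", 13)) {
        st->execs_per_sec = atof(val); seen |= 2;
      } else if (klen == 14 && !strncmp(line, "unique_crashes", 14)) {
        st->unique_crashes = atol(val); seen |= 4;
      } else if (klen == 11 && !strncmp(line, "paths_total", 11)) {
        st->paths_total = atol(val);   seen |= 8;
      }
    }
    if (!nl) break;
    line = nl + 1;
  }
  return seen == 15 ? 0 : -1;
}

/* afl-fuzz rewrites fuzzer_stats periodically, so a file untouched for
 * longer than max_age seconds usually means the process died or hung. */
int is_stale(const struct stats *st, long now, long max_age) {
  return now - st->last_update > max_age;
}

/* Constructed sample in the fuzzer_stats layout (values are made up). */
const char *SAMPLE =
  "start_time        : 1700000000\n"
  "last_update       : 1700003600\n"
  "fuzzer_pid        : 4242\n"
  "cycles_done       : 3\n"
  "execs_done        : 8123456\n"
  "execs_per_sec     : 1250.50\n"
  "paths_total       : 731\n"
  "unique_crashes    : 2\n"
  "unique_hangs      : 0\n"
  "afl_banner        : target\n";

int main(void) {
  struct stats st;
  if (parse_fuzzer_stats(SAMPLE, &st) != 0) return 1;
  printf("paths=%ld crashes=%ld execs/s=%.1f stale=%d\n",
         st.paths_total, st.unique_crashes, st.execs_per_sec,
         is_stale(&st, 1700003600 + 600, 60));
  return 0;
}
```

Read the real file with `fread()` from `<out_dir>/fuzzer_stats` in place of `SAMPLE`; in a parallel setup, loop over each `<sync_dir>/<fuzzer_id>/fuzzer_stats` and sum the counters, which is essentially what afl-whatsup does.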



  • Faster resume: if you don't care about detecting non-deterministic behavior in tested binaries, set AFL_NO_VAR_CHECK=1 before resuming afl-fuzz jobs. It can speed things up by a factor of ten. While you're at it, be sure to see docs/perf_tips.txt for other performance tips.



  • Heterogeneous parallelization: the parallelization mechanism described in docs/parallel_fuzzing.txt can be very easily used to co-fuzz several different parsers using a shared corpus, or to seamlessly couple afl-fuzz to any other guided tools - say, symbolic execution frameworks.



  • Third-party tools: have a look at docs/sister_projects.txt for a collection of third-party tools that help you manage multiple instances of AFL, simplify crash triage, allow you to fuzz network servers or clients, and add support for languages such as Python or Go.



  • Minimizing stuff: when you have a crashing test case, afl-tmin will work even with non-instrumented binaries - so you can use it to shrink and simplify almost anything, even if it has nothing to do with AFL.






Enjoy!

