1. Installation
Download the source code (http://lcamtuf.coredump.cx/afl/) and compile it to install.
2. Instrumentation
Recompile the target program with afl-gcc/afl-g++ as follows:
CC=/path/to/afl/afl-gcc ./configure
make clean all
For a C++ program, also set:
CXX=/path/to/afl/afl-g++
afl-clang and afl-clang++ are used in the same way.
3. Running
afl-fuzz -i dir_of_in -o dir_of_out path_of_program
afl-fuzz drives the fuzzing process; you need to specify a directory of initial test cases, a directory in which to store the findings, and the path to the target program.
For a target program that reads its input directly from stdin, the syntax is:
$ ./afl-fuzz -i testcase_dir -o findings_dir /path/to/program [...]
For a target program that reads its input from a file, use "@@" in place of the file name; afl-fuzz substitutes the path of the current test case. The syntax is:
$ ./afl-fuzz -i testcase_dir -o findings_dir /path/to/program @@
You can also use the -f option to write the mutated data to a specified file.
A target program that has not been instrumented can be fuzzed in QEMU mode (-Q), or directly in blind-fuzzer (dumb) mode (-n).
Use the -t and -m options to set the timeout and memory limit for the fuzzed process.
A typical afl-fuzz run lasts for several days; to finish sooner, you can use the -d option (skip the deterministic steps).
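As an added example (not from the original page or from AFL itself), here is a minimal C target that accepts input either way described above: from stdin for the first form, or from the file path that afl-fuzz substitutes for "@@" in the second. The length-prefixed record format and the parse_records function are hypothetical stand-ins for whatever parser you actually want to fuzz.

```c
/* Added example: minimal AFL target harness that works with both forms:
 *   afl-fuzz -i in -o out -- ./harness        (input on stdin)
 *   afl-fuzz -i in -o out -- ./harness @@     (input via a file path)
 * Build it with the instrumenting compiler, e.g. CC=/path/to/afl/afl-gcc. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Cap the input size so a huge test case does not trip the fuzzer's -m memory limit. */
#define MAX_INPUT (1024 * 1024)

/* Hypothetical parser under test: a sequence of one-byte-length-prefixed records.
 * Returns the number of records parsed, or -1 on an empty or truncated record. */
int parse_records(const unsigned char *buf, size_t len)
{
    size_t off = 0;
    int count = 0;
    while (off < len) {
        size_t rec_len = buf[off];              /* one-byte length prefix */
        if (rec_len == 0 || off + 1 + rec_len > len)
            return -1;                          /* malformed: empty or runs past the end */
        off += 1 + rec_len;
        count++;
    }
    return count;
}

/* Read the whole input from f into buf, never more than cap bytes. Returns bytes read. */
size_t read_input(FILE *f, unsigned char *buf, size_t cap)
{
    size_t n = 0, got;
    while (n < cap && (got = fread(buf + n, 1, cap - n, f)) > 0)
        n += got;
    return n;
}

int main(int argc, char **argv)
{
    FILE *f = stdin;                            /* default: stdin form */
    if (argc > 1) {                             /* "@@" form: argv[1] is the test case path */
        f = fopen(argv[1], "rb");
        if (!f) { perror("fopen"); return 1; }
    }
    unsigned char *buf = malloc(MAX_INPUT);
    if (!buf) return 1;
    size_t len = read_input(f, buf, MAX_INPUT);
    int rc = parse_records(buf, len);
    printf("records: %d\n", rc);
    free(buf);
    if (f != stdin) fclose(f);
    return rc < 0 ? 1 : 0;                      /* non-zero exit is not a crash for afl-fuzz */
}
```

Put one or two small valid inputs (for example a file containing the bytes 02 'a' 'b' 01 'c') in testcase_dir and run either afl-fuzz form against the compiled harness.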
American Fuzzy Lop