Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Introduction to Fuzzing with AFL
Search
Ayush Priya
November 16, 2021
Technology
0
26
Introduction to Fuzzing with AFL
This talk is an introduction to using AFL or American Fuzzy Lop to fuzz binaries.
Ayush Priya
November 16, 2021
Tweet
Share
More Decks by Ayush Priya
See All by Ayush Priya
Scrubbing PII from Logs in LogStash
ayushpriya10
0
730
Introduction to Deserialization Attacks
ayushpriya10
2
610
Web Assembly for Hackers
ayushpriya10
0
33
Other Decks in Technology
See All in Technology
不動産 x AIことはじめ~データの真価を拓くために
estie
0
110
DuckDB雑紹介(1.1対応版)@DuckDB座談会
ktz
6
1.4k
The XZ Backdoor Story
fr0gger
0
3.6k
不動産tech Product Night#2_AIことはじめ_GA橋本
takehikohashimoto
0
190
React Aria で実現する次世代のアクセシビリティ
ryo_manba
4
1.2k
ネットワークだけ隔離されたコンテナ作成デモ / Kichijoji.pm36
tenforward
1
230
グイグイ系QAマネージャーの仕事
sadonosake
0
340
再考 アクターモデル/ reconsider actor model
ytake
0
360
効果的なオンコール対応と障害対応
ryuichi1208
6
3.1k
開発者の定量・定性データを組み合わせて開発者体験を把握するための取り組み
ham0215
1
130
プログラム検証入門
riru
6
870
「家族アルバム みてね」における運用管理・ オブザーバビリティの全貌 / Overview of Operation Management and Observability in FamilyAlbum
isaoshimizu
4
160
Featured
See All Featured
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
278
13k
Designing with Data
zakiwarfel
98
5k
Fireside Chat
paigeccino
31
2.9k
YesSQL, Process and Tooling at Scale
rocio
167
14k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
26
2k
Git: the NoSQL Database
bkeepers
PRO
425
64k
How To Stay Up To Date on Web Technology
chriscoyier
786
250k
The Power of CSS Pseudo Elements
geoffreycrofte
71
5.3k
A Tale of Four Properties
chriscoyier
155
22k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
25
3.9k
Optimising Largest Contentful Paint
csswizardry
31
2.8k
Why Our Code Smells
bkeepers
PRO
334
56k
Transcript
Introduction to fuzzing with AFL
Ayush Priya VIT, Vellore @ayushpriya10 https://ayushpriya.com https://www.linkedin.com/in/ayushpriya10
What am I learning? • What is fuzzing and fuzzers?
• What is AFL? • How to use AFL?
Why am I learning this? • Discover undiscovered bugs •
Build a robust approach to development • (Maybe make some money)
What is Fuzzing? • A form of testing • Random
invalid input • Behaviour analysis
"You can find bugs in your sleep." - Craig Young
Why fuzz at all? • Unique test cases • Eliminates
methodology bias • Metrics - Code Coverage, Path Coverage
Types of fuzzers • Mutational • Grammar • Feedback-based
Introduction to AFL • Open-source • Smart fuzzer: PoC -
“Hello JPG”
Prerequisites • GCC, CLang • GDB, Exploitable • Screen •
Libtool-bin, automake, bison, libglib2.0-dev, qemu
Installation • Install AFL • Enable LLVM mode • Enable
QEMU mode
AFL Workflow • Compiling the binary with AFL’s compilers •
Building a Test Corpus • Running AFL on the target binary • Analyse findings
Compiling with AFL $ export CC=afl-clang-fast $ export AFL_HARDEN=1 $
export AFL_INST_RATIO=100 $ ./configure $ make
Building Test Corpus • Supplying test case(s) $ cp /bin/ps
afl_in/
Fuzzing with source • Build binary from source AFL •
Add test cases to afl_in • Fuzz! $ afl-fuzz -i in/ -o out/ -- ./bin @@
Parallel Fuzzing • One core per fuzzer • Check free
cores $ afl-fuzz -i in -o out -M f1 -- ./bin @@ $ afl-fuzz -i in -o out -S f2 -- ./bin @@
Output Structure • One folder per fuzzer • /crashes, /hangs,
/queue
Analysing AFL Screen
Hands-on • Clone fuzzgoat • Compile with AFL • Fuzz
in parallel • Check status
GDB and Exploitable • Open binary with GDB • Choose
a crash case • Run test case • Classify with Exploitable
Optimising Fuzzing • Execution Speed, Fail Fast • Isolate test
code • Minimise test cases • Minimise test files
Fuzzing a binary without source • Linux binaries • AFL’s
QEMU Mode
Limitations of AFL • Supports file/STDIN input • Supports selective
binaries • Supports selective OSs
Thanks!