@ -29,7 +29,7 @@ make distrib
|
|
|
|
sudo make install
```
安装完成后可以在使用afl-fuzz命令测试是否安装成功
![[Pasted image 20241022154707.png]]
![[1.png]]
# 三、运行示例
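Review bot: replacing `![[Pasted image 20241022154707.png]]` with `![[1.png]]` keeps the Obsidian-only `![[...]]` embed syntax, which ordinary Markdown renderers print as literal text, and the new numeric name drops the only hint of what the picture shows. Since the surrounding sentence says the screenshot is the `afl-fuzz` run used to confirm the install, consider `![afl-fuzz banner after installation](1.png)` so it renders outside Obsidian and stays self-describing. While touching this paragraph, the sentence `安装完成后可以在使用afl-fuzz命令测试是否安装成功` has a stray `在` before `使用`, and it would help readers to show the actual command that is run (the screenshot is the only record of it).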
@ -79,7 +79,7 @@ int main()
在模糊测试前先要进行**源码编译插桩**和**创建语料库**
1. 源码编译插桩:**使用 afl++ 自带的插桩编译器**:afl-gcc
![[Pasted image 20241022155353.png]]
![[2.png]]
2. 准备语料库:作为程序输入的原始材料,必须有才可以运行,原始材料越好漏洞发现的越快
```shell
➜ afl echo "abc" >> ./input/seed1
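Review bot: same point as the first hunk for `![[2.png]]`: a numeric name plus wiki-link embed syntax loses the description and does not render on non-Obsidian hosts; `![afl-gcc instrumented build of test.c](2.png)` would be clearer. Two documentation issues in the unchanged context are worth fixing in the same commit: the `shell` block line `➜ afl echo "abc" >> ./input/seed1` carries the interactive prompt `➜ afl`, so copy-paste fails, and `>>` appends to a file in a directory that is never created; `mkdir -p input && echo "abc" > input/seed1` is what a reader needs. Step 1 also presents `afl-gcc` as the AFL++ instrumenting compiler; it is the legacy afl-as wrapper, and the AFL++ documentation recommends `afl-clang-fast` or `afl-clang-lto` (via `afl-cc`) for new work, so the text should at least say which mode is in use.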
@ -118,14 +118,11 @@ afl-fuzz++4.22a based on afl by Michal Zalewski and a large online community
len = 4, map size = 5, exec speed = 157 us, hash = ad4e684fcf34ff0e
[+] All test cases processed.
[+] Here are some useful stats:
Test case count : 1 favored, 0 variable, 0 ignored, 1 total
Bitmap range : 5 to 5 bits (average: 5.00 bits)
Exec timing : 157 to 157 us (average: 157 us)
[*] No -t option specified, so I'll use an exec timeout of 20 ms.
[+] All set and ready to roll!
american fuzzy lop ++4.22a {default} (./test) [explore]
┌─ process timing ────────────────────────────────────┬─ overall results ────┐
│ run time : 0 days, 0 hrs, 0 min, 1 sec │ cycles done : 15 │
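Review bot: the header `@ -118,14 +118,11 @@` records three deleted lines, yet every line rendered in this hunk is identical on the old and new side, so the deletion is invisible here; say in the commit message what was dropped (trailing blank lines inside the pasted `afl-fuzz` output, presumably) so the next reader does not have to diff the raw file. The surrounding text could also use the pasted lines instead of just showing them: `Test case count : 1 favored, 0 variable, 0 ignored, 1 total` and `Bitmap range : 5 to 5 bits` reflect the single `seed1` input from the previous hunk, and `[*] No -t option specified, so I'll use an exec timeout of 20 ms.` is the place to mention that the timeout is auto-calibrated from the dry run and can be pinned with `-t`.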
@ -150,7 +147,6 @@ afl-fuzz++4.22a based on afl by Michal Zalewski and a large online community
│py/custom/rq : unused, unused, unused, unused ├───────────────────────┘
│ trim/eff : n/a, 25.00% │ [cpu000: 12%]
└─ strategy: explore ────────── state: started :-) ──┘^C
+++ Testing aborted by user +++
[*] Writing output//default/fastresume.bin ...
[+] Written fastresume.bin with 295308 bytes!
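Review bot: as with the previous hunk, `@ -150,7 +147,6 @@` removes one line that does not show up in the rendered view; note it in the description. In the unchanged output, `└─ strategy: explore ────────── state: started :-) ──┘^C` has the terminal's `^C` echo glued onto the status box; either trim it or add a sentence that Ctrl-C ends the session and is what triggers `+++ Testing aborted by user +++` and the `[*] Writing output//default/fastresume.bin ...` step, since that is the resume mechanism a reader will want to know about. The doubled slash in `output//default/` suggests `-o` was given as `output/` with a trailing slash; harmless, but the command shown earlier in the document should match what produced this log.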