Effective AFL Fuzzing 1: Better Harness

American Fuzzy Lop, a.k.a. AFL, is a great fuzzing tool, but to make it work effectively we need to take care of certain aspects. In this post I will discuss the 'harness', the small program that feeds AFL's test cases into the code under test.

Today I will show the approaches I took which led to improved fuzzing results. I didn't get any crash during the short run, but the results did improve: more paths, better map coverage, etc.

I decided to fuzz "inih", an .ini file parser written in C.

Link to Code in Github : https://github.com/benhoyt/inih

The first code I used is the example program provided in the project's examples directory.

Modification 1 : None. I just compiled the sample test application as-is and fuzzed it.

Code 1 : 
Result 1 : We can see "odd, check syntax" in the status screen. It means that AFL is not able to find new paths; the cycle count keeps increasing but no new paths are detected. So I decided to improve the code a little.



Modification 2 : Modified the code to read the file name from STDIN.

Code 2 :
Result 2 : A negligible improvement. The path count increased a little, but then only the cycle count went on increasing.



Modification 3 : Passed the filename as a command line argument and added @@ to the afl-fuzz command line, so AFL substitutes the path of each test case file.

Code 3 :
Result 3 : The result was impressive. AFL found new paths rather quickly, and there was a huge improvement in map and code coverage.
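As an added example (not code from this post or from the inih project), here is a harness in the shape Modification 3 describes: the input path arrives in argv[1], which afl-fuzz fills in for @@, and the handler only counts key/value pairs so each execution spends its time in the parser. To keep the file self-contained and runnable offline, parse_ini_file() is a small stand-in that mimics the handler signature and return convention documented for inih's ini_parse() (0 on success, line number of the first error, -1 if the file cannot be opened); in a real harness you would drop it, #include "ini.h" and call ini_parse() instead. The sample .ini text, the file paths and the helper names are constructed for this example.

```c
/* Added example: an AFL file-path harness (argv[1] <- "@@").
 * parse_ini_file() is a stand-in modelled on inih's documented ini_parse()
 * behaviour, not the project's code; replace it with ini_parse() for real. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Same handler shape as inih: return 1 to accept, 0 to flag an error. */
typedef int (*ini_handler)(void *user, const char *section,
                           const char *name, const char *value);

static char *trim(char *s) {
    while (isspace((unsigned char)*s)) s++;
    char *end = s + strlen(s);
    while (end > s && isspace((unsigned char)end[-1])) *--end = '\0';
    return s;
}

/* Stand-in for ini_parse(): 0 on success, line number of the first
 * malformed line (parsing continues past it), -1 if fopen() fails. */
static int parse_ini_file(const char *path, ini_handler handler, void *user) {
    FILE *fp = fopen(path, "r");
    if (!fp) return -1;
    char line[256], section[64] = "";
    int lineno = 0, first_error = 0;
    while (fgets(line, sizeof line, fp)) {
        lineno++;
        char *s = trim(line);
        if (*s == '\0' || *s == ';' || *s == '#') continue;   /* blank/comment */
        if (*s == '[') {                                       /* [section] */
            char *close = strchr(s, ']');
            if (!close) { if (!first_error) first_error = lineno; continue; }
            *close = '\0';
            snprintf(section, sizeof section, "%s", trim(s + 1));
            continue;
        }
        char *eq = strchr(s, '=');                             /* name=value */
        if (!eq) { if (!first_error) first_error = lineno; continue; }
        *eq = '\0';
        if (!handler(user, section, trim(s), trim(eq + 1)) && !first_error)
            first_error = lineno;
    }
    fclose(fp);
    return first_error;
}

/* Harness state: just count accepted pairs. Keep the handler cheap and
 * deterministic so every execution exercises the parser, not the harness. */
struct counts { int pairs; };

static int count_handler(void *user, const char *section,
                         const char *name, const char *value) {
    (void)section; (void)value;
    if (*name == '\0') return 0;          /* empty key: report as parse error */
    ((struct counts *)user)->pairs++;
    return 1;
}

/* Modification 3 shape: path from argv[1]. Parse errors are expected fuzz
 * outcomes, so just return; only signals/abort() count as crashes in AFL. */
int run_harness(int argc, char **argv) {
    if (argc != 2) { fprintf(stderr, "usage: %s <file.ini>\n", argv[0]); return 2; }
    struct counts c = {0};
    if (parse_ini_file(argv[1], count_handler, &c) < 0) { perror(argv[1]); return 1; }
    return 0;
}

/* Test helpers: write constructed .ini text to path and report the parse
 * result, or parse an existing file and report how many pairs were accepted. */
int write_and_parse(const char *path, const char *text) {
    FILE *fp = fopen(path, "w");
    if (!fp) return -1;
    fputs(text, fp);
    fclose(fp);
    struct counts c = {0};
    return parse_ini_file(path, count_handler, &c);
}

int count_pairs(const char *path) {
    struct counts c = {0};
    return parse_ini_file(path, count_handler, &c) < 0 ? -1 : c.pairs;
}

int main(int argc, char **argv) { return run_harness(argc, argv); }
```

Build it with afl-gcc (or afl-clang-fast) and run afl-fuzz with a seed directory of small .ini files and `@@` in place of the input path; because the parser is reached on every execution and the handler never aborts, each new input either finds a new edge in the parser or is discarded, which is what drives the path and map coverage numbers up.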



So I concluded that writing a well-designed harness significantly improves the fuzzing results.