parent
96ef72e682
commit
30f8fd44ef
@ -17,3 +17,4 @@ opt-level = 3
|
|||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
libafl = { path = "../../libafl/" }
|
libafl = { path = "../../libafl/" }
|
||||||
|
clap = { version = "3.0.0-beta.2", features = ["default"] }
|
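Review bot: The new `clap` requirement `"3.0.0-beta.2"` is a caret requirement on a pre-release, so a fresh dependency resolve can select a later 3.x pre-release or the final 3.x release rather than this exact beta. The fuzzer code added in this commit uses beta-era builder calls such as `Arg::new(...).about(...)`, and as far as I recall the clap 3 pre-releases changed API between betas, so an unpinned resolve may stop the example from building or pull in code nobody reviewed. Consider pinning it exactly with `clap = { version = "=3.0.0-beta.2", features = ["default"] }`, or confirm that a committed lockfile covers this example. `features = ["default"]` also looks redundant unless default features are disabled somewhere outside this hunk.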
@ -1,7 +1,13 @@
|
|||||||
# Simple Forkserver Fuzzer
|
# Simple Forkserver Fuzzer
|
||||||
|
|
||||||
This is a simple fuzzer to test the ForkserverExecutor.
|
This is a simple example fuzzer to fuzz a executable instrumented by afl-cc.
|
||||||
You can test it with the following procedures.
|
## Usage
|
||||||
1. `cargo build --release`
|
You can build this example by `cargo build --release`.
|
||||||
2. `cp ./target/release/forkserver_simple .`
|
This downloads AFLplusplus/AFLplusplus and compiles the example harness program in src/program.c with afl-cc
|
||||||
3. `taskset -c 1 ./forkserver_simple`
|
|
||||||
|
## Run
|
||||||
|
After you build it you can run
|
||||||
|
`cp ./target/release/forkserver_simple .` to copy the fuzzer into this directory,
|
||||||
|
and you can run
|
||||||
|
`taskset -c 1 ./forkserver_simple ./target/release/program ./corpus/ -t 1000` to run the fuzzer.
|
||||||
|
`taskset` binds this process to a specific core to improve the throughput.
|
@ -24,9 +24,36 @@ use libafl::{
|
|||||||
};
|
};
|
||||||
use std::path::PathBuf;
|
use std::path::PathBuf;
|
||||||
|
|
||||||
|
use clap::{App, Arg};
|
||||||
|
|
||||||
#[allow(clippy::similar_names)]
|
#[allow(clippy::similar_names)]
|
||||||
pub fn main() {
|
pub fn main() {
|
||||||
let corpus_dirs = vec![PathBuf::from("./corpus")];
|
let res = App::new("forkserver_simple")
|
||||||
|
.about("Example Forkserver fuzer")
|
||||||
|
.arg(
|
||||||
|
Arg::new("executable")
|
||||||
|
.about("The instrumented binary we want to fuzz")
|
||||||
|
.required(true)
|
||||||
|
.index(1)
|
||||||
|
.takes_value(true),
|
||||||
|
)
|
||||||
|
.arg(
|
||||||
|
Arg::new("in")
|
||||||
|
.about("The directory to read initial inputs from ('seeds')")
|
||||||
|
.required(true)
|
||||||
|
.index(2)
|
||||||
|
.takes_value(true),
|
||||||
|
)
|
||||||
|
.arg(
|
||||||
|
Arg::new("timeout")
|
||||||
|
.about("Timeout for each individual execution, in milliseconds")
|
||||||
|
.short('t')
|
||||||
|
.long("timeout")
|
||||||
|
.default_value("1200"),
|
||||||
|
)
|
||||||
|
.get_matches();
|
||||||
|
|
||||||
|
let corpus_dirs = vec![PathBuf::from(res.value_of("in").unwrap().to_string())];
|
||||||
|
|
||||||
const MAP_SIZE: usize = 65536;
|
const MAP_SIZE: usize = 65536;
|
||||||
|
|
||||||
@ -99,13 +126,19 @@ pub fn main() {
|
|||||||
// Create the executor for the forkserver
|
// Create the executor for the forkserver
|
||||||
let mut executor = TimeoutForkserverExecutor::new(
|
let mut executor = TimeoutForkserverExecutor::new(
|
||||||
ForkserverExecutor::new(
|
ForkserverExecutor::new(
|
||||||
"./target/release/program".to_string(),
|
res.value_of("executable").unwrap().to_string(),
|
||||||
&[],
|
&[],
|
||||||
true,
|
true,
|
||||||
tuple_list!(edges_observer, time_observer),
|
tuple_list!(edges_observer, time_observer),
|
||||||
)
|
)
|
||||||
.unwrap(),
|
.unwrap(),
|
||||||
Duration::from_millis(5000),
|
Duration::from_millis(
|
||||||
|
res.value_of("timeout")
|
||||||
|
.unwrap()
|
||||||
|
.to_string()
|
||||||
|
.parse()
|
||||||
|
.expect("Could not parse timeout in milliseconds"),
|
||||||
|
),
|
||||||
)
|
)
|
||||||
.expect("Failed to create the executor.");
|
.expect("Failed to create the executor.");
|
||||||
|
|
||||||
|
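Review bot: The `--timeout` argument is converted inside the `Duration::from_millis(` call of the second hunk with `.to_string().parse().expect("Could not parse timeout in milliseconds")`, so a non-numeric value ends in a panic rather than a usage error, and `0` or an arbitrarily large value is accepted without any bound. How `TimeoutForkserverExecutor` treats a zero duration is not visible here, so I would parse and range-check the value once, right after `get_matches()`, for example `let timeout_ms: u64 = res.value_of("timeout").unwrap().parse().expect("Could not parse timeout in milliseconds");` followed by `assert!(timeout_ms > 0, "timeout must be greater than 0");`, and pass `Duration::from_millis(timeout_ms)` to the executor. The `.to_string()` calls before `.parse()` and inside `PathBuf::from(...)` are redundant because `value_of` already yields a `&str`. The `.about("Example Forkserver fuzer")` string in the first hunk misspells "fuzzer". The body of `main` starts and continues outside both hunks, so any validation of the `executable` path before `ForkserverExecutor::new(...).unwrap()` may exist elsewhere.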