Tutorials

Here are some good write-ups to show how to effectively use AFL++:

  • https://aflplus.plus/docs/tutorials/libxml2_tutorial/
  • https://bananamafia.dev/post/gb-fuzz/
  • https://securitylab.github.com/research/fuzzing-challenges-solutions-1
  • https://securitylab.github.com/research/fuzzing-software-2
  • https://securitylab.github.com/research/fuzzing-sockets-FTP
  • https://securitylab.github.com/research/fuzzing-sockets-FreeRDP
  • https://securitylab.github.com/research/fuzzing-apache-1

If you would rather work through hands-on exercises than follow a tutorial, we highly recommend the following:

  • https://github.com/antonio-morales/Fuzzing101

If you are interested in fuzzing structured data (where you define what the structure is), these links have you covered:

  • Superion for AFL++: https://github.com/adrian-rt/superion-mutator
  • libprotobuf for AFL++: https://github.com/P1umer/AFLplusplus-protobuf-mutator
  • libprotobuf raw: https://github.com/bruce30262/libprotobuf-mutator_fuzzing_learning/tree/master/4_libprotobuf_aflpp_custom_mutator
  • libprotobuf for old AFL++ API: https://github.com/thebabush/afl-libprotobuf-mutator

If you find other good ones, please send them to us :-)
