Google Git
Sign in
android / platform / external / honggfuzz / fe73f48d70acf72028e102dc08e620d9078901fc / . / examples / apache-httpd
tree: d3f60869382d7e7bb10f6e6ab1516397c817f6db [path history] [tgz]
  1. corpus_http1/
  2. corpus_http2/
  3. httpd-master.honggfuzz.patch
  4. httpd.conf.h1
  5. httpd.conf.h2
  6. httpd.wordlist
  7. README.md
examples/apache-httpd/README.md

Fuzzing Apache 2.4

Requirements

  • honggfuzz
  • clang-4.0, or newer (5.0 works as well)
  • apache (e.g. 2.4.29 or from githubs' master branch)
  • apr, apr-utils, nghttp2

Preparation

Note: The examples provided below use hardcoded paths (here to /home/$USER/) and version strings of the libraries (e.g. apr-1.5.2). These will have to be modified, so they reflect your actual build environment.

  1. Compile honggfuzz
  2. Download and unpack the following packages: apr, apr-util, ngttp2, and Apache's httpd
  3. Patch Apache's httpd
$ cd httpd-master
$ patch -p1 < httpd-master.honggfuzz.patch
  1. Configure, compile and install Apache
  • edit compile_and_install.asan.sh so it contains valid versions/paths
$ ./compile_and_install.asan.sh
  1. Copy custom configuration files (httpd.conf.h1 and httpd.conf.h2) to /home/$USER/fuzz/apache/apache2/conf/ (i.e. to your apache dist directory)

$ cp httpd.conf.h1 httpd.conf.h2 /home/$USER/fuzz/apache/apache2/conf/

  1. Edit httpd.conf.h1 and httpd.conf.h2, so they contain valid configuration paths

Fuzzing

  • HTTP/1

$ honggfuzz/honggfuzz -i corpus_http1 -w ./httpd.wordlist -- ./apache2/bin/httpd -DFOREGROUND -f /home/$USER/fuzz/apache/apache2/conf/httpd.conf.h1

  • HTTP/2

$ honggfuzz/honggfuzz -i corpus_http2 -w ./httpd.wordlist -- ./apache2/bin/httpd -DFOREGROUND -f /home/$USER/fuzz/apache/apache2/conf/httpd.conf.h2