How to use afl-fuzz (American Fuzzy Lop) with openssl
I am trying to use afl-fuzz with openssl in Ubuntu. A normal usage of afl-fuzz would be:

afl-gcc test.c    # this will produce a.out

mkdir testcases
echo "Test case here." > testcases/case1

afl-fuzz -i testcases -o findings ./a.out

Now for openssl it would be something like:

afl-gcc ./config
make              # not sure of this :)
afl-fuzz -i test -o findings <exe_name>

where "test" is the folder with testcases for openssl.

My question is: what is the parameter for "exe_name" for openssl? And please correct me if I'm wrong with the rest of the code. Thank you.
shell-script ubuntu gcc openssl testing
edited Jun 4 '15 at 5:33
asked Jun 4 '15 at 5:15
Bigulinis

63
  • Do you remember doing it? I am also compiling openssl with afl-gcc but it is causing issues
    – aneela
    1 hour ago
2 Answers
I'm exactly sure what you mean by "parameter for "exe_name" for openssl", but:

afl-fuzz -i test -o findings ~/path/to/binary/to/fuzz @@

will fuzz the binary at ~/path/to/binary/to/fuzz, substituting @@ with the path of the mutated test case generated from the seed files in test.
          answered Jul 3 '15 at 23:25
          Joseph Redfern

          1761
You cannot use the openssl binary just as it is. You need to write a separate program that will use the openssl libraries and then fuzz its exe with afl-fuzz.

The whole process will go like this:

Download openssl

1. ./config   # If you disable something here like no-comp then you have to run `make depend`.
2. Replace gcc with afl-gcc in Makefile
3. make && make install

This process will compile openssl with afl-gcc and you can look at how instrumentation will be added to the object files. In the end you will get libssl.a and libcrypto.a files in the openssl directory.

After successful compilation of openssl, use it in a sample application, say sample.c, and then compile this file:

4. afl-gcc sample.c -o sample libssl.a libcrypto.a -ldl

and then finally perform fuzzing:

5. afl-fuzz -i testcases -o findings -m none -- ./sample

You can look at this and this to get some idea and even find sample files.
                  answered 19 mins ago
                  aneela

                  11114
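Pulling the two answers together, here is an added example (not code from either answer, nor from the AFL or OpenSSL projects) that scripts the five steps above as shell functions. Everything it names is an assumption: an unpacked OpenSSL source tree whose ./config writes a Makefile with a "CC=" line, a sample.c harness that parses the file named by its first argument, and afl-gcc/afl-fuzz on PATH. It uses Joseph Redfern's @@ form so the harness receives a file path rather than stdin, and it adds the check afl-fuzz itself performs (looking for the __AFL_SHM_ID marker) to confirm that a build really was instrumented, which is the first thing to verify when compiling with afl-gcc "causes issues" as in the comment above. The seed bytes are constructed placeholders.

```shell
#!/bin/sh
# Added example, not code from either answer or from the AFL/OpenSSL projects.
# Hypothetical assumptions: the OpenSSL source tree's ./config writes a
# Makefile with a "CC= gcc" line; sample.c is a harness that parses the file
# named by its first argument; afl-gcc and afl-fuzz are on PATH.

# Step 2 of the answer: point the generated Makefile at afl-gcc instead of
# editing it by hand.  Rewrites every line that starts with "CC=" and leaves
# the rest of the file untouched (portable sed, no GNU "sed -i" needed).
set_makefile_cc() {
    makefile="$1"
    compiler="$2"
    sed "s|^CC=.*|CC= $compiler|" "$makefile" > "$makefile.tmp" \
        && mv "$makefile.tmp" "$makefile"
}

# afl-fuzz aborts with "No instrumentation detected" unless the target
# contains the __AFL_SHM_ID marker that afl-gcc's instrumentation stub
# references.  Grepping for it is a quick way to confirm that the harness,
# or the objects inside libcrypto.a, were really compiled with afl-gcc.
is_afl_instrumented() {
    grep -q -a '__AFL_SHM_ID' "$1"
}

# Seed corpus for -i: afl-fuzz needs at least one input file and works best
# with small ones.  The two seeds below are constructed placeholders (a DER
# SEQUENCE header and a PEM banner); for a real run, drop in a genuine small
# input of the format the harness parses.  Prints the number of seed files.
make_seed_corpus() {
    dir="$1"
    mkdir -p "$dir"
    printf '0\202\001\002' > "$dir/seed-der-header"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' > "$dir/seed-pem-header"
    find "$dir" -type f | wc -l
}

# Steps 1, 3, 4 and 5 chained together.  "make install" from step 3 is not
# needed here because the harness links libssl.a and libcrypto.a straight
# from the source tree (with -I so that the tree's own headers are found).
fuzz_openssl_harness() {
    src="$1"; harness="$2"; corpus="$3"; findings="$4"
    # If ./config is given options such as no-comp, the answer notes that
    # "make depend" has to run before make; add it inside this subshell.
    ( cd "$src" && ./config && set_makefile_cc Makefile afl-gcc && make ) || return 1
    afl-gcc "$harness" -o sample -I"$src/include" \
        "$src/libssl.a" "$src/libcrypto.a" -ldl || return 1
    is_afl_instrumented ./sample || { echo "sample is not instrumented" >&2; return 1; }
    # -m none lifts afl-fuzz's default memory limit; @@ is replaced by the
    # path of each mutated input (without it the input arrives on stdin).
    afl-fuzz -i "$corpus" -o "$findings" -m none -- ./sample @@
}

# Usage: sh fuzz_openssl.sh run /path/to/openssl sample.c testcases findings
if [ "${1:-}" = "run" ]; then
    make_seed_corpus "$4" > /dev/null
    fuzz_openssl_harness "$2" "$3" "$4" "$5"
fi
```

The instrumentation check is worth running on libcrypto.a as well as on the final binary: if the archive lacks the marker, the Makefile edit did not take and afl-fuzz will only ever exercise the harness code, not OpenSSL.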