Download AFL

git clone https://github.com/google/AFL.git

Tip: remove lines 131~134 of afl-clang-fast.c in the AFL/llvm_mode directory, otherwise the build fails with an error.


Run make in the AFL directory to build the fuzzer


Download the project to be tested:

git clone https://gitee.com/src-openeuler/file.git

Point the C and C++ compilers at AFL's afl-clang-fast and afl-clang-fast++

export CC=/home/re1own/github/AFL/afl-clang-fast
export CXX=/home/re1own/github/AFL/afl-clang-fast++

Specify the install directory

./configure --enable-shared=no --prefix=/home/re1own/Project/install/

Build and install

make
make install


After the build and install finish, the install directory created and specified earlier contains the target program instrumented by AFL.


Run `strings file | grep "afl"` to check whether instrumentation succeeded. The binary contains strings with afl in them, and since the build and install produced no errors, instrumentation should have succeeded.


Create the input and output directories. The tests directory of the project under test contains input files; copy them into input to serve as seeds, and then afl can start fuzzing.

afl-fuzz -i input -o output -m none -t 500+ -- /home/re1own/Project/install/bin/file @@
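The preparation steps above (verify instrumentation, collect seeds from the project's tests directory, launch afl-fuzz) gathered into one script, as an added example that is not part of the original post. The install path and the `file/tests` seed directory are assumptions from this write-up; the `__AFL_SHM_ID` marker is the environment variable the AFL runtime linked in by afl-clang-fast looks up, so it is a tighter check than grepping for "afl" alone.

```shell
#!/bin/sh
# Added example: prepare and start an AFL campaign against the instrumented `file`.

# check_instrumented BIN: succeed only if BIN carries the AFL runtime marker.
# afl-clang-fast links afl-llvm-rt, which reads the __AFL_SHM_ID environment
# variable, so that string is present in every instrumented binary.
check_instrumented() {
    [ -x "$1" ] || return 1
    grep -a -q '__AFL_SHM_ID' "$1"
}

# prepare_seeds TESTS_DIR INPUT_DIR [MAX_KB]: copy small, content-unique test
# files into INPUT_DIR as seeds. AFL replays every seed on each cycle, so large
# or duplicate seeds only slow the fuzzer down. Prints the number of seeds kept.
prepare_seeds() {
    tests=$1; input=$2; max_kb=${3:-64}
    mkdir -p "$input"
    n=0
    for f in "$tests"/*; do
        [ -f "$f" ] || continue
        # skip seeds larger than max_kb kilobytes
        [ "$(wc -c < "$f")" -le $((max_kb * 1024)) ] || continue
        # name seeds by checksum so identical contents are copied once
        sum=$(cksum < "$f" | cut -d' ' -f1)
        [ -e "$input/seed_$sum" ] && continue
        cp "$f" "$input/seed_$sum"
        n=$((n + 1))
    done
    echo "$n"
}

# Assumed layout from the write-up: instrumented binary in the install prefix,
# seeds taken from the cloned project's tests directory.
BIN=${BIN:-/home/re1own/Project/install/bin/file}
if [ "${1:-}" = "run" ]; then
    check_instrumented "$BIN" || { echo "$BIN is not AFL-instrumented" >&2; exit 1; }
    echo "seeds kept: $(prepare_seeds file/tests input)"
    afl-fuzz -i input -o output -m none -t 500+ -- "$BIN" @@
fi
```

Invoke the script with the argument `run` to start the campaign; without it only the two helper functions are defined.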


Files for this experiment: https://github.com/Re1own/IoT_Sec/tree/main/Fuzz/openEuler/file-5.41