
I would start with the AFL++ documentation (https://aflplus.plus/features/), and an open source program that you want to fuzz. The easiest programs to fuzz with AFL are ones that parse a file format from the command line, the smaller the better and written in C or C++ (just for ease of recompiling with instrumentation).

Parsing network protocols and ABIs is possible, but usually requires a fair amount of coding.
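The kind of first target the comment above recommends, as an added example that is not from the thread or from the AFL++ project: a small C program that reads one file named on the command line and parses it. The TLV layout it parses (one tag byte, one length byte, then that many payload bytes) is a constructed format chosen for the example, and the file name `tlv_target.c` is an assumption; the build and run commands in the header comment are the documented AFL++ `afl-clang-fast` / `afl-fuzz` invocations, with `@@` standing for the input file path.

```c
/* tlv_target.c: constructed AFL++ fuzz target (added example, not from the
 * thread). Parses a made-up TLV format: [tag:1][len:1][payload:len]...
 *
 * Build with AFL++ instrumentation and fuzz:
 *   afl-clang-fast -o tlv_target tlv_target.c
 *   mkdir in && printf '\001\003abc' > in/seed      # one valid seed record
 *   afl-fuzz -i in -o out -- ./tlv_target @@         # @@ = path to test case
 * Crashing inputs, if any, are written under out/default/crashes/.
 */
#include <stdio.h>
#include <stdlib.h>

/* Parse a buffer of TLV records.
 * Returns the number of records parsed, or -1 on malformed input
 * (a truncated header, or a declared length that runs past the buffer).
 * Every access is bounds-checked so that any crash AFL++ reports comes from
 * the code under test rather than from the harness itself. */
int parse_tlv(const unsigned char *buf, size_t len)
{
    size_t pos = 0;
    int records = 0;

    while (pos < len) {
        if (len - pos < 2)          /* need at least tag + length bytes */
            return -1;
        size_t rlen = buf[pos + 1]; /* buf[pos] is the tag; unused here */
        pos += 2;
        if (rlen > len - pos)       /* payload would overrun the buffer */
            return -1;
        pos += rlen;
        records++;
    }
    return records;
}

/* Read an entire file into a heap buffer; returns NULL on any failure. */
static unsigned char *read_file(const char *path, size_t *len)
{
    FILE *f = fopen(path, "rb");
    if (!f)
        return NULL;
    if (fseek(f, 0, SEEK_END) != 0) { fclose(f); return NULL; }
    long sz = ftell(f);
    if (sz < 0) { fclose(f); return NULL; }
    rewind(f);

    unsigned char *buf = malloc(sz > 0 ? (size_t)sz : 1);
    if (!buf) { fclose(f); return NULL; }
    size_t got = fread(buf, 1, (size_t)sz, f);
    fclose(f);
    if (got != (size_t)sz) { free(buf); return NULL; }
    *len = got;
    return buf;
}

/* Command-line entry point: one file argument, as AFL++ expects with "@@". */
int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <input-file>\n", argv[0]);
        return 2;
    }
    size_t len = 0;
    unsigned char *buf = read_file(argv[1], &len);
    if (!buf) {
        fprintf(stderr, "cannot read %s\n", argv[1]);
        return 2;
    }
    int n = parse_tlv(buf, len);
    free(buf);
    if (n < 0) {
        fprintf(stderr, "malformed input\n");
        return 1;    /* clean rejection: an ordinary exit, not a crash */
    }
    printf("%d records\n", n);
    return 0;
}
```

The shape is what matters more than the format: one input file, deterministic parsing, no network or stdin, and a normal non-zero exit for rejected input so that AFL++ only flags genuine signals (SIGSEGV, SIGABRT) as crashes.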




>The easiest programs to fuzz with AFL are ones that parse a file format from the command line, the smaller the better and written in C or C++ (just for ease of recompiling with instrumentation).

Thanks, this is useful context -- it's easy to get overwhelmed and quit early on with these sorts of things. It looks like someone else posted a set of exercises[1] using AFL that seem to be aimed at smaller programs like you describe.

[1] https://github.com/antonio-morales/Fuzzing101



