>(add to that that some people probably fuzz without noticing that their setup
>doesn't do anything at all)
Actually that's something I was wanting to bring up as a side-effect of trying
to sort out the file-truncation problem I mentioned in an earlier post (which
I've now determined is limited to just one system, so "don't do that, then" is
a quick fix for now).
afl doesn't provide any easy way to distinguish general diagnostic output from
status-screen output; it's really all-or-nothing, which makes it a pain to try
and script because the useful output ("something seems to have gone wrong and
afl is now spinning in a tight loop") is mixed in with endless status-screen
updates. Would it be possible to add an option to disable the status screen,
so only the general diagnostic output is produced?
Related to this, I'm using fuzzer_stats to monitor and display progress (so I
get pinged when things happen); however, doing a resume ("-i -") seems to reset
the stats, so the monitoring script can't track the current state. It'd be
good to have afl continue from the previous fuzzer_stats info rather than
resetting the counters.
tl;dr: There are some (hopefully minor) changes that could be made to afl to
make it more easily scriptable.
Peter.
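A monitoring sketch for the fuzzer_stats problem described in the message above, added here as an example (it is neither afl's code nor Peter's script). It assumes the fuzzer_stats "key : value" line layout, and that execs_done, unique_crashes and unique_hangs are the counters a resume restarts while paths_total is rebuilt from the queue; a drop in execs_done is treated as a reset and the totals seen so far are folded into an offset, so cumulative counts survive "-i -".

```python
from dataclasses import dataclass, field

# Counters afl restarts on an "-i -" resume (assumption, per the thread);
# paths_total is rebuilt from the queue on resume and is reported as-is.
RESET_COUNTERS = ("execs_done", "unique_crashes", "unique_hangs")
def parse_fuzzer_stats(text: str) -> dict:
    """fuzzer_stats is one 'key : value' per line; integer values become ints."""
    stats = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            value = value.strip()
            stats[key.strip()] = int(value) if value.isdigit() else value
    return stats

@dataclass
class Monitor:
    offsets: dict = field(default_factory=lambda: dict.fromkeys(RESET_COUNTERS, 0))
    last: dict = field(default_factory=dict)   # raw counters from the previous poll
    total: dict = field(default_factory=dict)  # cumulative counters last reported

    def update(self, stats: dict):
        """Return (cumulative counters, events worth pinging about)."""
        events, cur = [], {k: stats.get(k, 0) for k in RESET_COUNTERS}
        if self.last and cur["execs_done"] < self.last["execs_done"]:
            # execs_done only goes backwards when afl restarted its stats: fold what
            # was seen so far into the offsets (a re-found crash may count twice).
            for k in RESET_COUNTERS:
                self.offsets[k] += self.last[k]
            events.append("reset detected (resume?)")
        elif self.last and cur["execs_done"] == self.last["execs_done"]:
            events.append("stalled: no executions since last poll")
        total = {k: self.offsets[k] + cur[k] for k in RESET_COUNTERS}
        total["paths_total"] = stats.get("paths_total", 0)
        if self.total and total["unique_crashes"] > self.total["unique_crashes"]:
            events.append(f"new crash: {total['unique_crashes']} total")
        self.last, self.total = cur, total
        return total, events

# Constructed snapshots (not real afl output): run, first crash, resume, stall.
SNAPSHOTS = [
    "execs_done : 5000\npaths_total : 40\nunique_crashes : 0\nunique_hangs : 0\n",
    "execs_done : 9000\npaths_total : 55\nunique_crashes : 1\nunique_hangs : 0\n",
    "execs_done : 300\npaths_total : 56\nunique_crashes : 0\nunique_hangs : 0\n",
    "execs_done : 300\npaths_total : 56\nunique_crashes : 0\nunique_hangs : 0\n",
]
def run(snapshots=SNAPSHOTS):
    mon = Monitor()  # one monitor across all polls, so offsets carry over
    return [mon.update(parse_fuzzer_stats(s)) for s in snapshots]
```

In a real deployment the snapshots would be read from out_dir/fuzzer_stats on a timer, and the "stalled" event is the cheap proxy for the "afl is spinning in a tight loop" case when the status screen cannot be scraped.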
Hi,
Just something that's been in my mind for a while: I hear and read
quite often that people tend to fuzz for very long times - weeks or
even months - on a single software/input.
I wonder how much sense that makes.
My personal experience is pretty much that most bugs turn up within
minutes, some within hours and when the process ran for a day I don't
expect that anything interesting will show up any more.
I feel that there is a lot of resource wasting going on (add to that
that some people probably fuzz without noticing that their setup
doesn't do anything at all). When afl doesn't find something
within a day I see this as a signal that I need to move on and try
something new.
And to make this a bit more concrete: If you feel you had relevant
success in the past after fuzzing more than a day on a reasonably
current machine can you post the details in a way that I can try to
reproduce it? (Something like "I found CVE-2014-xxxx in libxyz
version 1.2.3 - afl ran for three days without any crashes and on day
four I found it")
I would like to see this question answered in a reasonable way to give
people better guidance on how to fuzz, so I intend to set up some
experiments to replicate past bug findings.
cu,
--
Hanno Böck
http://hboeck.de/
mail/jabber: ha...@hboeck.de
GPG: BBB51E42