Custom mutators in AFL?


Sergey Davidoff

Sep 24, 2018, 9:21:13 PM
to afl-users
Hey everyone,

I've been looking into writing a custom mutator for highly structured data recently. Other feedback-driven fuzzers (libfuzzer and honggfuzz) allow this - see e.g. https://llvm.org/docs/LibFuzzer.html#user-supplied-mutators

I've found a reference to a Python scripting extension for AFL that allows custom mutators (see https://github.com/choller/afl/blob/master/docs/mozilla/python_modules.txt ) but I fear that would be too slow for my purposes. Is there a way to achieve the same using a C API? Modifying AFL source code is a last-resort option and I'd prefer not to go down that path.

Thanks!
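The question above asks for a C-level mutator that keeps highly structured inputs well-formed. As an added example (not code from this thread, from AFL or from libFuzzer), here is a structure-aware mutator written against the `LLVMFuzzerCustomMutator` hook described in the LLVM doc linked above, applied to a constructed toy record format (magic, type/length/payload records, trailing XOR checksum): it mutates only payload bytes, then repairs the length field and checksum so the target's framing checks do not discard the input before the interesting code is reached.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed toy format: "FZ01" magic, [type:1][len:1][payload:len] records,
 * then one trailing XOR checksum byte over everything before it. */
void fix_checksum(uint8_t *d, size_t size) {
    uint8_t x = 0;
    for (size_t i = 0; i + 1 < size; i++) x ^= d[i];
    d[size - 1] = x;                    /* keep the framing valid after mutation */
}
/* Returns 1 if d is a well-formed record stream with a correct checksum. */
int is_well_formed(const uint8_t *d, size_t size) {
    if (size < 5 || memcmp(d, "FZ01", 4) != 0) return 0;
    size_t i = 4;
    while (i < size - 1) {
        if (i + 2 > size - 1) return 0;   /* truncated record header */
        i += 2 + d[i + 1];
    }
    if (i != size - 1) return 0;          /* last record overruns the buffer */
    uint8_t x = 0;
    for (size_t k = 0; k + 1 < size; k++) x ^= d[k];
    return x == d[size - 1];
}
/* libFuzzer's user-supplied mutator hook (signature from the LLVM doc linked
 * above); the body is an added example, not libFuzzer's or AFL's own code. */
size_t LLVMFuzzerCustomMutator(uint8_t *d, size_t size, size_t max_size,
                               unsigned int seed) {
    if (!is_well_formed(d, size)) return 0; /* 0 tells libFuzzer to fall back */
    srand(seed);
    size_t offs[256], n = 0, i = 4;         /* record offsets: mutate payloads, */
    while (i < size - 1 && n < 256) { offs[n++] = i; i += 2 + d[i + 1]; } /* not framing */
    if (n == 0) return size;
    size_t r = offs[rand() % n];
    uint8_t len = d[r + 1];
    if (len > 0 && rand() % 2) {            /* flip one bit inside the payload */
        d[r + 2 + rand() % len] ^= (uint8_t)(1u << (rand() % 8));
    } else if (len < 255 && size + 1 <= max_size) {
        size_t end = r + 2 + len;           /* grow payload by one byte and */
        memmove(d + end + 1, d + end, size - end); /* patch the length field */
        d[end] = (uint8_t)rand();
        d[r + 1] = len + 1;
        size++;
    }
    fix_checksum(d, size);
    return size;
}
```

Returning 0 hands the input back to the fuzzer's default mutations, which is the documented way to decline a buffer the custom mutator cannot parse.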

☣Adam

Sep 24, 2018, 10:02:25 PM
to afl-...@googlegroups.com
I sort of have an answer for you. We took WinAFL and gave it a nice mutator interface. It now runs on Windows, Linux, and macOS (maybe other UNIXes, we haven't tested on anything else):

Our mutators are in the repo below (so you have some examples).

We also have a modified version of honggfuzz which uses the same mutator API:

Now for the bad news, we don't have AFL's source level instrumentation implemented yet, nor qemu. It won't be difficult to copy the code over (licenses are compatible, yay), but we just haven't gotten around to it yet. We do have the fork server pulled over as we needed that for the IntelPT instrumentation.

The instrumentation is also following a nice API, so hopefully it's as easy to extend as we envision. :-)

If you want any tech support, just hit me up off list. It'll be good to see where our documentation is insufficient.

Cheers,
Adam


Nicolas Grégoire

Sep 30, 2018, 5:19:17 PM
to afl-...@googlegroups.com
Hi,

> I've found a reference to a Python scripting extension for AFL that
> allows custom mutators (see https://github.com/choller/afl/blob/master/docs/mozilla/python_modules.txt )
> but I fear that would be too slow for my purposes.

from my testing, speed is more than decent. I however had to optimize
some parts of my Python code (mostly slow operations related to
databases or networking).

Regards,
Nicolas