How afl-proxy makes use of coverage guidance


Tarun Kumar

Nov 25, 2022, 12:41:10 AM
to afl-users
Hi,

I have added instrumentation to my FW (which runs on a separate HW device) and coverage guidance is generated. I used -fplugin=afl-gcc-pass -Wno-maybe-uninitialized for adding the instrumentation.
On the host side I use afl-proxy.c for fuzzing. I send the guidance available from my FW (separate HW) to afl-proxy.c (on host).


I am surprised that afl-proxy.c can make use of this coverage guidance to perform mutation of the input corpus when it does not have any information about the target binary or its ELF/map file, etc. Could someone please share some pointers on how it makes use of this guidance?

Thanks and regards,
Tarun
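
As an added example (not part of the original post and not AFL++'s own code), this simplified sketch shows how a coverage-guided fuzzer can judge an input from the coverage map alone, treating it as opaque bytes with no ELF or map file. `MAP_SIZE`, `virgin`, `bucket` and `has_new_coverage` are hypothetical names and values chosen for the sketch.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define MAP_SIZE 65536 /* assumed map size for this sketch */

static uint8_t virgin[MAP_SIZE]; /* bucket bits not yet seen; 0xff = slot untouched */

void reset_virgin(void) { memset(virgin, 0xff, sizeof virgin); }

/* Collapse a raw hit count into one coarse bucket bit, so 5 vs 6 hits
   is not treated as new behaviour but 1 vs 5 is. */
static uint8_t bucket(uint8_t hits) {
  if (hits == 0) return 0;
  if (hits == 1) return 1;
  if (hits == 2) return 2;
  if (hits == 3) return 4;
  if (hits <= 7) return 8;
  if (hits <= 15) return 16;
  if (hits <= 31) return 32;
  if (hits <= 127) return 64;
  return 128;
}

/* Returns 2 if the trace touches a map slot never hit before,
   1 if it only reaches a new hit-count bucket, 0 if nothing is new.
   Only byte positions and values matter: no symbols or addresses. */
int has_new_coverage(const uint8_t *trace, size_t len) {
  int ret = 0;
  for (size_t i = 0; i < len && i < MAP_SIZE; i++) {
    uint8_t b = bucket(trace[i]);
    if (b & virgin[i]) {
      if (virgin[i] == 0xff) ret = 2;
      else if (ret < 2) ret = 1;
      virgin[i] &= (uint8_t)~b; /* remember this bucket as seen */
    }
  }
  return ret;
}

int main(void) {
  static uint8_t trace[MAP_SIZE]; /* constructed sample trace */
  reset_virgin();
  trace[10] = 1; /* one slot hit once, as the device might report */
  return has_new_coverage(trace, sizeof trace) == 2 ? 0 : 1;
}
```

An input whose trace returns nonzero is worth keeping in the queue for further mutation; one that returns 0 exercised nothing the fuzzer had not already seen.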