Seed input file format

TOLUCHURI SHYAMILI SHANKER RAO

Feb 19, 2023, 6:48:58 AM
to afl-users
Suppose a C program takes string/integer input using scanf(). Which file format should we use as seed inputs to fuzz the program?

Connor Shugg

Feb 19, 2023, 9:41:16 AM
to afl-...@googlegroups.com
Hi Toluchuri,

AFL’s input files should be in the same format that your target program expects to receive. A few examples:

* If you’re fuzzing a program that converts a JPG to a PNG, you would use JPG files as your inputs.
* If you’re fuzzing a JavaScript interpreter, you would use JS source code files as inputs.

In your case it sounds like your program is reading arbitrary text from stdin. So you would want to put that arbitrary text into plain text files for your inputs.

Happy fuzzing!
Connor

TOLUCHURI SHYAMILI SHANKER RAO

Feb 22, 2023, 12:23:47 AM
to afl-users
Hi, 
If the program is reading text from stdin, how will it read input from plain text files unless it has fopen(), fread(), fscanf() etc?

Connor Shugg

Feb 22, 2023, 7:09:19 AM
to afl-...@googlegroups.com
Great question. AFL actually assumes by default that the target program reads from stdin. It’ll take each text file you provide as input and pipe it into the target’s stdin during fuzzing.

Check out the AFL README for some more details on this: https://lcamtuf.coredump.cx/afl/README.txt. In particular, section 6, “Fuzzing binaries”, describes what you’re asking.

Hope this helps!
Connor
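
The setup discussed in this thread, as an added example that is not part of the original posts: a small C target that reads a string and an integer with the scanf family, with the seed and fuzzer commands in the header comment. The "name count" input format, the file names and the helper `parse_seed_text` are assumptions made for illustration.

```c
/* Constructed target: reads "name count" from stdin via the scanf family.
 * Seed files are plain text holding exactly what a user would type:
 *   mkdir seeds && printf 'alice 42\n' > seeds/basic.txt
 *   afl-gcc -o target target.c
 *   afl-fuzz -i seeds -o findings ./target     (no @@: input goes to stdin)
 */
#include <stdio.h>
#include <string.h>

struct record { char name[32]; int count; };

/* Returns the number of fields converted (2 = full record, 0 = none/EOF).
 * %31s bounds the write into name[32]; an unbounded %s here is the kind of
 * overflow a fuzzer finds quickly. */
int parse_record(FILE *in, struct record *r)
{
    memset(r, 0, sizeof *r);
    int n = fscanf(in, "%31s %d", r->name, &r->count);
    return n < 0 ? 0 : n;
}

/* Puts seed text in a temp file and parses it, so you can check what the
 * target does with a seed before handing the corpus to the fuzzer. */
int parse_seed_text(const char *text, struct record *r)
{
    FILE *f = tmpfile();
    if (!f) return -1;
    fputs(text, f);
    rewind(f);
    int n = parse_record(f, r);
    fclose(f);
    return n;
}

int main(void)
{
    struct record r;
    /* scanf(fmt, ...) is fscanf(stdin, fmt, ...): the seed's bytes land here. */
    int n = parse_record(stdin, &r);
    if (n == 2)
        printf("name=%s count=%d\n", r.name, r.count);
    else
        printf("parsed %d field(s)\n", n);
    return 0;
}
```

Running `./target < seeds/basic.txt` by hand reproduces what the fuzzer does with each seed, which is a quick way to confirm a seed reaches the parsing code before starting a run.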
