How to fuzz two or more inputs?
1,780 views
Skip to first unread message
ivanis...@gmail.com
Oct 10, 2016, 5:00:34 AM10/10/16
to afl-users
Hi Michal,
In many cases, the programs need two or more inputs from stdin or files, such as the following demo:
#include <stdio.h>
int main()
{
int A,B;
char *p=0;
printf("input A:\n");
scanf("%d",&A);
printf("input B:\n");
scanf("%d",&B);
if(A==88)
if(B==99)
printf("%c",*p);
return 0;
}
How can we use AFL to fuzz this demo?
Regards,
Ivan
Michal Zalewski
Oct 10, 2016, 3:11:48 PM10/10/16
to afl-users
> How can we use AFL to fuzz this demo?
You don't need to do anything special.
Keep in mind that since your code checks for two arbitrary 32-bit
integers before crashing, you will probably need to create a
dictionary for this target (or rewrite the code to use magic values
that can be brute-forced more easily).
/mz
Tim Newsham
Oct 10, 2016, 3:23:51 PM10/10/16
to afl-users, ivanis...@gmail.com
On Sunday, October 9, 2016 at 11:00:34 PM UTC-10, ivanis...@gmail.com wrote:
Hi Michal,In many cases, the programs need two or more inputs from stdin or files,
AFL provides the entire input file (or stdin). Your program reads from it, possibly reading it in parts, as your program does. You don't have to do anything special to support this.
Markus Teufelberger
Oct 13, 2016, 9:38:15 AM10/13/16
to afl-users, ivanis...@gmail.com
How would it work if the program instead would need to read from 2 input files (e.g. "foo -conf file1.cfg file2.xyz") that are both equally relevant for program flow instead of stdin?
I think something like a (serialized?) input file tuple instead of a single file might be useful in some cases, but might require some heavy lifting in the background.
I think something like a (serialized?) input file tuple instead of a single file might be useful in some cases, but might require some heavy lifting in the background.
woshich...@163.com
Aug 14, 2017, 11:09:37 AM8/14/17
to afl-users
Hi,
I has met the same problem. How to pass several stdin inputs to the binary though handshakes?
Regards,
Jakub Wilk
Aug 14, 2017, 11:37:51 AM8/14/17
to afl-...@googlegroups.com
* woshich...@163.com, 2017-08-14, 07:54:
You'll need to patch the target program to read single input, and then split
it yourself.
--
Jakub Wilk
>How to pass several stdin inputs to the binary though handshakes?
AFL doesn't support this out of the box, and probably never will.
You'll need to patch the target program to read single input, and then split
it yourself.
--
Jakub Wilk
Laboni
Mar 10, 2022, 2:56:54 PM3/10/22
to afl-users
Hi Michal,
I am a new user of afl (afl plus plus). I want to fuzz a program with multiple STDINs. Here, you mention about using a dictionary. Can you please elaborate on this or give me some documentation regarding this? (I read about dictionary but nothing for multiple STDINs)
Also, about the another solution with magic values, how that will work in the program?
Thanks in advance.
Regards,
Laboni
Reply all
Reply to author
Forward
0 new messages