Romain Malmain c944a70056
Linux kernel fuzzing example (#2496)
* linux kernel (x509_cert) and process fuzzing example

* rework filters

* update to latest qemu

* working for process and kernel fuzzing

* new i2s mutator for binary only fuzzers

* refactoring modules with new filtering interface

* add state as parameter of harness

* hide unused global in usermode

* Script for stub bindings generation

* do not try to check whether it is worth generating the bindings, always
  generate when the env variable is on.

* add taplo to fmt_all.sh

* Moved fuzzers (again) in a target-centric way.

* fix rust 2024 warnings.

* new libafl_qemu harness structure.

* rename qemu_systemmode into qemu_baremetal

* fix qemu baremetal makefile

* fix formatter

---------

Co-authored-by: Toka <tokazerkje@outlook.com>
2024-09-26 14:29:33 +02:00


Dynamic Analysis Fuzzer

This fuzzer shows how to collect runtime analysis information during fuzzing with LibAFL. The Little-CMS project is used as the example target. Building the fuzzer requires nlohmann-json3-dev.

To run the fuzzer:

  1. Compile the fuzzer with cargo build --release.
  2. mkdir analysis and run build.sh. This compiles Little-CMS with the analysis pass enabled, extracts the analysis information and writes one JSON file per module into the analysis directory.
  3. Run python3 concatenator.py analysis. This concatenates all the per-module JSON files into one file that maps each function id to its analysis information.
  4. Compile the fuzzer with cargo make fuzzer. This builds the target with instrumentation at every function entry point, so whenever execution reaches the entry of a function its id is logged and the set of executed functions can be recovered.
  5. Run the fuzzer with RUST_LOG=info ./fuzzer --input ./corpus --output ./out. You'll see a stream of analysis data.
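The following is an added example of the post-processing that steps 3 and 5 describe; it is not the project's concatenator.py and not part of the original page. It merges several per-module JSON tables into one id-to-information map, refusing to silently overwrite an id that two modules both claim, and then resolves a sequence of logged function ids back to names and hit counts. The module dumps, the record fields (name, module, basic_blocks) and the "id=<n>" log line format are all constructed assumptions for this example; the function names are Little-CMS API names chosen only to make the sample realistic.

```python
import json
import re
from collections import Counter
from pathlib import Path
from typing import Any, Dict, Iterable, List

# Constructed per-module dumps in the shape this example assumes: each file
# maps a function id (JSON object keys are strings) to an analysis record.
MODULE_DUMPS: Dict[str, Dict[str, Dict[str, Any]]] = {
    "cmsio0.json": {
        "0": {"name": "cmsOpenProfileFromMem", "module": "cmsio0.c", "basic_blocks": 41},
        "1": {"name": "cmsCloseProfile", "module": "cmsio0.c", "basic_blocks": 9},
    },
    "cmsxform.json": {
        "2": {"name": "cmsCreateTransform", "module": "cmsxform.c", "basic_blocks": 57},
        "3": {"name": "cmsDoTransform", "module": "cmsxform.c", "basic_blocks": 14},
    },
}

# Assumed log format for the fuzzer's analysis stream (hypothetical).
LOG_ID_RE = re.compile(r"\bid=(\d+)\b")


def merge_analysis(dumps: Dict[str, Dict[str, Dict[str, Any]]]) -> Dict[str, Dict[str, Any]]:
    """Merge per-module tables into one map keyed by function id.

    Ids are expected to be globally unique across modules; a collision means
    the instrumentation and the analysis tables disagree, so fail loudly
    instead of letting the last module win.
    """
    merged: Dict[str, Dict[str, Any]] = {}
    for filename in sorted(dumps):
        for fid, info in dumps[filename].items():
            if fid in merged:
                raise ValueError(
                    f"function id {fid} in {filename} already defined by "
                    f"{merged[fid].get('module', '?')}"
                )
            merged[fid] = info
    return merged


def merge_directory(analysis_dir: Path) -> Dict[str, Dict[str, Any]]:
    """Load every *.json in a directory and merge it with merge_analysis()."""
    dumps = {p.name: json.loads(p.read_text()) for p in sorted(analysis_dir.glob("*.json"))}
    return merge_analysis(dumps)


def parse_log_ids(lines: Iterable[str]) -> List[int]:
    """Extract function ids from log lines that carry an id=<n> token."""
    ids: List[int] = []
    for line in lines:
        m = LOG_ID_RE.search(line)
        if m:
            ids.append(int(m.group(1)))
    return ids


def resolve_trace(merged: Dict[str, Dict[str, Any]], fids: Iterable[int]) -> List[str]:
    """Map logged ids to function names; unknown ids are kept visible."""
    return [merged.get(str(fid), {}).get("name", f"<unknown:{fid}>") for fid in fids]


def hit_counts(merged: Dict[str, Dict[str, Any]], fids: Iterable[int]) -> Dict[str, int]:
    """Count how often each function entry was reached in a trace."""
    return dict(Counter(resolve_trace(merged, fids)))


if __name__ == "__main__":
    table = merge_analysis(MODULE_DUMPS)
    # Constructed sample of the fuzzer's analysis stream.
    sample_log = [
        "[INFO  fuzzer] function entry id=0",
        "[INFO  fuzzer] function entry id=2",
        "[INFO  fuzzer] function entry id=3",
        "[INFO  fuzzer] function entry id=3",
        "[INFO  fuzzer] function entry id=1",
        "[INFO  fuzzer] function entry id=99",
    ]
    trace = parse_log_ids(sample_log)
    print(json.dumps(table, indent=2))
    print(resolve_trace(table, trace))
    print(hit_counts(table, trace))
```

To use it against a real analysis directory, call merge_directory(Path("analysis")) and write the result with json.dump; the duplicate-id check is the part worth keeping, because a silent overwrite would make the fuzzer's logged ids resolve to the wrong function without any error.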