field | value | note
---|---|---
author | llzmb <46303940+llzmb@users.noreply.github.com> | 2021-08-15 21:19:44 +0200
committer | llzmb <46303940+llzmb@users.noreply.github.com> | 2021-08-16 21:53:22 +0200
commit | 8948fdcf4c66ad2a5fa81dad46c5e46a12a798fb | (patch)
tree | 645f65b8347761acf8380d02c2c62f6ac1d2fa45 | /docs/FAQ.md
parent | 85a7195631f43fdbd337e6fedac53b0475353139 | (diff)
download | afl++-8948fdcf4c66ad2a5fa81dad46c5e46a12a798fb.tar.gz |
Update FAQ.md
Diffstat (limited to 'docs/FAQ.md')
-rw-r--r-- | docs/FAQ.md | 116 |
1 files changed, 71 insertions, 45 deletions
diff --git a/docs/FAQ.md b/docs/FAQ.md index 73b9992b..4b6b815f 100644 --- a/docs/FAQ.md +++ b/docs/FAQ.md 
@@ -1,64 +1,38 @@ -# Frequently asked questions and troubleshooting +# Frequently asked questions (FAQ) If you find an interesting or important question missing, submit it via [https://github.com/AFLplusplus/AFLplusplus/issues](https://github.com/AFLplusplus/AFLplusplus/issues). -## Contents +### General - * [What is the difference between AFL and AFL++?](#what-is-the-difference-between-afl-and-afl) - * [I got a weird compile error from clang](#i-got-a-weird-compile-error-from-clang) - * [How can I improve the fuzzing speed?](#how-can-i-improve-the-fuzzing-speed) - * [How can I fuzz a network service?](#how-can-i-fuzz-a-network-service) - * [How can I fuzz a GUI program?](#how-can-i-fuzz-a-gui-program) + * [What is the difference between afl and afl++?](#what-is-the-difference-between-afl-and-afl) * [What is an edge?](#what-is-an-edge) - * [Why is my stability below 100%?](#why-is-my-stability-below-100) - * [How can I improve the stability value?](#how-can-i-improve-the-stability-value) - -## What is the difference between AFL and AFL++? -AFL++ is a superior fork to Google's AFL - more speed, more and better mutations, more and better instrumentation, custom module support, etc. - -For more information about the history of AFL++, see [docs/history_afl++.md](docs/history_afl++.md). 
+### Targets -## I got a weird compile error from clang - -If you see this kind of error when trying to instrument a target with afl-cc/ -afl-clang-fast/afl-clang-lto: -``` -/prg/tmp/llvm-project/build/bin/clang-13: symbol lookup error: /usr/local/bin/../lib/afl//cmplog-instructions-pass.so: undefined symbol: _ZNK4llvm8TypeSizecvmEv -clang-13: error: unable to execute command: No such file or directory -clang-13: error: clang frontend command failed due to signal (use -v to see invocation) -clang version 13.0.0 (https://github.com/llvm/llvm-project 1d7cf550721c51030144f3cd295c5789d51c4aad) -Target: x86_64-unknown-linux-gnu -Thread model: posix -InstalledDir: /prg/tmp/llvm-project/build/bin -clang-13: note: diagnostic msg: -******************** -``` -Then this means that your OS updated the clang installation from an upgrade -package and because of that the AFL++ llvm plugins do not match anymore. - -Solution: `git pull ; make clean install` of AFL++ - -## How can I improve the fuzzing speed? + * [How can I fuzz a binary-only target?](#how-can-i-fuzz-a-binary-only-target) + * [How can I fuzz a network service?](#how-can-i-fuzz-a-network-service) + * [How can I fuzz a GUI program?](#how-can-i-fuzz-a-gui-program) -See [docs/best_practices.md#improving-speed](docs/best_practices.md#improving-speed). +### Performance -## How can I improve the stability value? + * [How can I improve the fuzzing speed?](#how-can-i-improve-the-fuzzing-speed) + * [Why is my stability below 100%?](#why-is-my-stability-below-100) + * [How can I improve the stability value?](#how-can-i-improve-the-stability-value) -See [docs/best_practices.md#improving-stability](docs/best_practices.md#improving-stability). +### Troubleshooting -## How can I fuzz a network service? + * [I got a weird compile error from clang](#i-got-a-weird-compile-error-from-clang) -The short answer is - you cannot, at least not "out of the box". 
+## Questions & answers -For more information, see [docs/best_practices.md#fuzzing-network-service](docs/best_practices.md#fuzzing-network-service). +### What is the difference between AFL and AFL++? -## How can I fuzz a GUI program? +AFL++ is a superior fork to Google's AFL - more speed, more and better mutations, more and better instrumentation, custom module support, etc. -See [docs/best_practices.md#fuzzing-gui-program](docs/best_practices.md#fuzzing-gui-program). +For more information about the history of AFL++, see [docs/history_afl++.md](docs/history_afl++.md). -## What is an "edge"? +### What is an "edge"? A program contains `functions`, `functions` contain the compiled machine code. The compiled machine code in a `function` can be in a single or many `basic blocks`. 
@@ -101,7 +75,31 @@ code example above): Every line between two blocks is an `edge`. Note that a few basic block loop to itself, this too would be an edge. -## Why is my stability below 100%? +### How can I fuzz a binary-only target? + +AFL++ is a great fuzzer if you have the source code available. + +However, if there is only the binary program and no source code available, then the standard non-instrumented mode is not effective. + +To learn how these binaries can be fuzzed, read [binaryonly_fuzzing.md](binaryonly_fuzzing.md). + +### How can I fuzz a network service? + +The short answer is - you cannot, at least not "out of the box". + +For more information on fuzzing network services, see [docs/best_practices.md#fuzzing-network-service](docs/best_practices.md#fuzzing-network-service). + +### How can I fuzz a GUI program? + +Not all GUI programs are suitable for fuzzing. If the GUI program can read the fuzz data from a file without needing any user interaction, then it would be suitable for fuzzing. + +For more information on fuzzing GUI programs, see [docs/best_practices.md#fuzzing-gui-program](docs/best_practices.md#fuzzing-gui-program). + +### How can I improve the fuzzing speed? + +There are a few things you can do to improve the fuzzing speed, see [docs/best_practices.md#improving-speed](docs/best_practices.md#improving-speed). + +### Why is my stability below 100%? Stability is measured by how many percent of the edges in the target are "stable". Sending the same input again and again should take the exact same 
@@ -119,3 +117,31 @@ A value above 90% is usually fine and a value above 80% is also still ok, and even a value above 20% can still result in successful finds of bugs. However, it is recommended that for values below 90% or 80% you should take countermeasures to improve stability. + +### How can I improve the stability value? + +This depends on the target and the instrumentation. + +For more information on stability and how to improve the stability value, see [docs/best_practices.md#improving-stability](docs/best_practices.md#improving-stability). + +### I got a weird compile error from clang + +If you see this kind of error when trying to instrument a target with afl-cc/ +afl-clang-fast/afl-clang-lto: + +``` +/prg/tmp/llvm-project/build/bin/clang-13: symbol lookup error: /usr/local/bin/../lib/afl//cmplog-instructions-pass.so: undefined symbol: _ZNK4llvm8TypeSizecvmEv +clang-13: error: unable to execute command: No such file or directory +clang-13: error: clang frontend command failed due to signal (use -v to see invocation) +clang version 13.0.0 (https://github.com/llvm/llvm-project 1d7cf550721c51030144f3cd295c5789d51c4aad) +Target: x86_64-unknown-linux-gnu +Thread model: posix +InstalledDir: /prg/tmp/llvm-project/build/bin +clang-13: note: diagnostic msg: +******************** +``` + +Then this means that your OS updated the clang installation from an upgrade +package and because of that the AFL++ llvm plugins do not match anymore. + +Solution: `git pull ; make clean install` of AFL++ \ No newline at end of file |
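Review bot: in the first hunk (`@@ -1,64 +1,38 @@`) the contents entry under `### General` is renamed to "What is the difference between afl and afl++?" while the heading it points to, re-added in the same hunk as `### What is the difference between AFL and AFL++?`, keeps the capitalised names; the anchor `#what-is-the-difference-between-afl-and-afl` still resolves, but the displayed text now disagrees with the heading, so keep "AFL and AFL++" in the entry. The same hunk drops the `## Contents` heading, leaving `### General`, `### Targets`, `### Performance` and `### Troubleshooting` as H3 sections directly under the H1 with no H2 parent, while the body starts at `## Questions & answers`; restoring an H2 above the contents list (or demoting the body heading to match) keeps the heading levels consistent.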
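Review bot: in the second hunk (`@@ -101,7 +75,31 @@`) the new link `[binaryonly_fuzzing.md](binaryonly_fuzzing.md)` is relative to the file's own directory, but the links added right after it use `docs/best_practices.md#fuzzing-network-service` and `docs/best_practices.md#fuzzing-gui-program`; since this file is `docs/FAQ.md` (see the diff header), a `docs/`-prefixed relative link resolves to `docs/docs/best_practices.md` when rendered from the file's location, so either drop the `docs/` prefix on all of them or make all of them root-relative, not a mix. Also, "the standard non-instrumented mode is not effective" in the binary-only answer is confusing, because the point being made is that compile-time instrumentation is unavailable without source; "the standard compile-time instrumentation cannot be used" says what is meant.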
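Review bot: the third hunk (`@@ -119,3 +117,31 @@`) ends with `\ No newline at end of file`, so the moved `Solution: \`git pull ; make clean install\` of AFL++` line is now the last line of the file without a terminating newline, whereas the file ended cleanly before this change; add the newline. While the entry is being moved, the remedy would be more useful if it said why the rebuild fixes things, e.g. "rebuild AFL++ against the updated clang so the llvm plugins match again", since the preceding paragraph already explains that the mismatch comes from the OS upgrading clang underneath the plugins.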