| author | van Hauser <vh@thc.org> | 2019-05-28 16:40:24 +0200 |
|---|---|---|
| committer | van Hauser <vh@thc.org> | 2019-05-28 16:40:24 +0200 |
| commit | f367728c4435670caf2e9cc5acad257e7766cc65 (patch) | |
| tree | 5a4f587630b161f32a548f5c196032e2566741e2 /docs/QuickStartGuide.txt | |
| parent | 1b3d018d35d9091bda28e38e066a99491f2415b5 (diff) | |
| download | afl++-f367728c4435670caf2e9cc5acad257e7766cc65.tar.gz | |
afl++ 2.52c initial commit
Diffstat (limited to 'docs/QuickStartGuide.txt')
-rw-r--r-- | docs/QuickStartGuide.txt | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/docs/QuickStartGuide.txt b/docs/QuickStartGuide.txt new file mode 100644 index 00000000..abe7032f --- /dev/null +++ b/docs/QuickStartGuide.txt 
@@ -0,0 +1,49 @@ +===================== +AFL quick start guide +===================== + +You should read docs/README. It's pretty short. If you really can't, here's +how to hit the ground running: + +1) Compile AFL with 'make'. If build fails, see docs/INSTALL for tips. + +2) Find or write a reasonably fast and simple program that takes data from + a file or stdin, processes it in a test-worthy way, then exits cleanly. + If testing a network service, modify it to run in the foreground and read + from stdin. When fuzzing a format that uses checksums, comment out the + checksum verification code, too. + + The program must crash properly when a fault is encountered. Watch out for + custom SIGSEGV or SIGABRT handlers and background processes. For tips on + detecting non-crashing flaws, see section 11 in docs/README. + +3) Compile the program / library to be fuzzed using afl-gcc. A common way to + do this would be: + + CC=/path/to/afl-gcc CXX=/path/to/afl-g++ ./configure --disable-shared + make clean all + + If program build fails, ping <afl-users@googlegroups.com>. + +4) Get a small but valid input file that makes sense to the program. When + fuzzing verbose syntax (SQL, HTTP, etc), create a dictionary as described in + dictionaries/README.dictionaries, too. + +5) If the program reads from stdin, run 'afl-fuzz' like so: + + ./afl-fuzz -i testcase_dir -o findings_dir -- \ + /path/to/tested/program [...program's cmdline...] + + If the program takes input from a file, you can put @@ in the program's + command line; AFL will put an auto-generated file name in there for you. + +6) Investigate anything shown in red in the fuzzer UI by promptly consulting + docs/status_screen.txt. + +That's it. 
Sit back, relax, and - time permitting - try to skim through the +following files: + + - docs/README - A general introduction to AFL, + - docs/perf_tips.txt - Simple tips on how to fuzz more quickly, + - docs/status_screen.txt - An explanation of the tidbits shown in the UI, + - docs/parallel_fuzzing.txt - Advice on running AFL on multiple cores. |
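Review bot: the new guide still points at upstream AFL resources rather than this tree: step 3 tells users to report build failures to <afl-users@googlegroups.com>, step 2 refers to "section 11 in docs/README", and the title and body call the project "AFL" while the commit message imports it as "afl++ 2.52c initial commit". Please confirm the mailing-list contact and the docs/README section cross-reference match the afl++ documentation shipped alongside this file, or update them in this hunk so new users are not sent to the wrong place.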