| field | value | |
|---|---|---|
| author | van Hauser <vh@thc.org> | 2021-12-09 14:39:00 +0100 |
| committer | GitHub <noreply@github.com> | 2021-12-09 14:39:00 +0100 |
| commit | caf67efab14c5255fdd0ac7fb59dfaa64e6f36f4 (patch) | |
| tree | c2c609fbbf9851f55813bae1842b33ac3a0c7a6c /docs/fuzzing_in_depth.md | |
| parent | db360332c4cf92c3b90d8dfab9292763e677aebf (diff) | |
| parent | 3b287b7b0c669bae5961f7c8ebc1c5dd1a2842f7 (diff) | |
| download | afl++-caf67efab14c5255fdd0ac7fb59dfaa64e6f36f4.tar.gz | |
Merge pull request #1200 from AFLplusplus/rename
Rename
Diffstat (limited to 'docs/fuzzing_in_depth.md')
| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | docs/fuzzing_in_depth.md | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/docs/fuzzing_in_depth.md b/docs/fuzzing_in_depth.md index aaceb600..e1599c39 100644 --- a/docs/fuzzing_in_depth.md +++ b/docs/fuzzing_in_depth.md @@ -11,7 +11,7 @@ Fuzzing source code is a three-step process: 2. Prepare the fuzzing by selecting and optimizing the input corpus for the target. 3. Perform the fuzzing of the target by randomly mutating input and assessing if - a generated input was processed in a new path in the target binary. + that input was processed on a new path in the target binary. ## 0. Common sense risks @@ -354,7 +354,7 @@ You can find many good examples of starting files in the ### b) Making the input corpus unique Use the AFL++ tool `afl-cmin` to remove inputs from the corpus that do not -produce a new path in the target. +produce a new path/coverage in the target. Put all files from step a) into one directory, e.g., INPUTS. @@ -570,7 +570,7 @@ its name is unique, hence the recommendation for `-M main-$HOSTNAME`. Now there are three strategies on how you can sync between the servers: * never: sounds weird, but this makes every server an island and has the chance - the each follow different paths into the target. You can make this even more + that each follow different paths into the target. You can make this even more interesting by even giving different seeds to each server. * regularly (~4h): this ensures that all fuzzing campaigns on the servers "see" the same thing. It is like fuzzing on a huge server. @@ -633,7 +633,7 @@ AFL_BENCH_JUST_ONE=1 AFL_FAST_CAL=1 afl-fuzz -i newseeds -o out -S newseeds -- . ### g) Checking the coverage of the fuzzing -The `paths found` value is a bad indicator for checking how good the coverage +The `corpus count` value is a bad indicator for checking how good the coverage is. A better indicator - if you use default llvm instrumentation with at least 
@@ -822,7 +822,7 @@ as these are much shorter runnings. will impact the speed by ~15% though. * `AFL_FAST_CAL` - Enable fast calibration, this halves the time the saturated corpus needs to be loaded. - * `AFL_CMPLOG_ONLY_NEW` - only perform cmplog on new found paths, not the + * `AFL_CMPLOG_ONLY_NEW` - only perform cmplog on new finds, not the initial corpus as this very likely has been done for them already. * Keep the generated corpus, use afl-cmin and reuse it every time! |
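Review bot: in the `@@ -11,7` hunk, the new wording `that input was processed on a new path` leaves it open whether `that input` means the seed being mutated or the mutated result; suggest `the mutated input was processed on a new path in the target binary` so the referent is explicit.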
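Review bot: in the `@@ -354,7` hunk, `produce a new path/coverage in the target` hedges between two terms with a slash; since the sentence describes what `afl-cmin` drops, suggest a single phrase such as `do not produce new coverage in the target` (or whichever term, path or edge, the rest of the document uses).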
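Review bot: in the `@@ -570,7` hunk, the corrected line `that each follow different paths into the target` still has a subject-verb agreement problem, as `each` takes a singular verb; it should read `has the chance that each follows different paths into the target`.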
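Review bot: the `@@ -633,7` hunk changes the stat name from `paths found` to `corpus count`, so the rest of the documentation should be checked for the old label; a search for `paths found` across the docs before merging would catch any references this rename PR missed.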
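Review bot: in the `@@ -822,7` hunk, `only perform cmplog on new finds, not the initial corpus as this very likely has been done for them already` has unclear referents (`this` and `them`), and `finds` is informal for a reference document; suggest `only perform cmplog on newly found corpus entries, not on the initial corpus, since cmplog has very likely already been run on those`.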