diff options
Diffstat (limited to 'docs/life_pro_tips.txt')
| -rw-r--r-- | docs/life_pro_tips.txt | 128 |
1 files changed, 0 insertions, 128 deletions
diff --git a/docs/life_pro_tips.txt b/docs/life_pro_tips.txt deleted file mode 100644 index 27c70592..00000000 --- a/docs/life_pro_tips.txt +++ /dev/null @@ -1,128 +0,0 @@ -# =================== -# AFL "Life Pro Tips" -# =================== -# -# Bite-sized advice for those who understand the basics, but can't be bothered -# to read or memorize every other piece of documentation for AFL. -# - -% - -Get more bang for your buck by using fuzzing dictionaries. -See dictionaries/README.dictionaries to learn how. - -% - -You can get the most out of your hardware by parallelizing AFL jobs. -See docs/parallel_fuzzing.md for step-by-step tips. - -% - -Improve the odds of spotting memory corruption bugs with libdislocator.so! -It's easy. Consult libdislocator/README.dislocator for usage tips. - -% - -Want to understand how your target parses a particular input file? -Try the bundled afl-analyze tool; it's got colors and all! - -% - -You can visually monitor the progress of your fuzzing jobs. -Run the bundled afl-plot utility to generate browser-friendly graphs. - -% - -Need to monitor AFL jobs programmatically? Check out the fuzzer_stats file -in the AFL output dir or try afl-whatsup. - -% - -Puzzled by something showing up in red or purple in the AFL UI? -It could be important - consult docs/status_screen.txt right away! - -% - -Know your target? Convert it to persistent mode for a huge performance gain! -Consult section #5 in llvm_mode/README.llvm for tips. - -% - -Using clang? Check out llvm_mode/ for a faster alternative to afl-gcc! - -% - -Did you know that AFL can fuzz closed-source or cross-platform binaries? -Check out qemu_mode/README.qemu for more. - -% - -Did you know that afl-fuzz can minimize any test case for you? -Try the bundled afl-tmin tool - and get small repro files fast! - -% - -Not sure if a crash is exploitable? AFL can help you figure it out. Specify --C to enable the peruvian were-rabbit mode. See section #10 in README for more. - -% - -Trouble dealing with a machine uprising? Relax, we've all been there. -Find essential survival tips at http://lcamtuf.coredump.cx/prep/. - -% - -AFL-generated corpora can be used to power other testing processes. -See section #2 in README for inspiration - it tends to pay off! - -% - -Want to automatically spot non-crashing memory handling bugs? -Try running an AFL-generated corpus through ASAN, MSAN, or Valgrind. - -% - -Good selection of input files is critical to a successful fuzzing job. -See section #5 in README (or docs/perf_tips.txt) for pro tips. - -% - -You can improve the odds of automatically spotting stack corruption issues. -Specify AFL_HARDEN=1 in the environment to enable hardening flags. - -% - -Bumping into problems with non-reproducible crashes? It happens, but usually -isn't hard to diagnose. See section #7 in README for tips. - -% - -Fuzzing is not just about memory corruption issues in the codebase. Add some -sanity-checking assert() / abort() statements to effortlessly catch logic bugs. - -% - -Hey kid... pssst... want to figure out how AFL really works? -Check out docs/technical_details.txt for all the gory details in one place! - -% - -There's a ton of third-party helper tools designed to work with AFL! -Be sure to check out docs/sister_projects.txt before writing your own. - -% - -Need to fuzz the command-line arguments of a particular program? -You can find a simple solution in experimental/argv_fuzzing. - -% - -Attacking a format that uses checksums? Remove the checksum-checking code or -use a postprocessor! See experimental/post_library/ for more. - -% - -Dealing with a very slow target or hoping for instant results? Specify -d -when calling afl-fuzz! - -% |