Diffstat (limited to 'docs')
-rw-r--r-- | docs/Changelog.md | 10 | ||||
-rw-r--r-- | docs/INSTALL.md | 1 | ||||
-rw-r--r-- | docs/custom_mutators.md | 17 |
3 files changed, 23 insertions, 5 deletions
diff --git a/docs/Changelog.md b/docs/Changelog.md
index 38e2e6bc..c5eb6be3 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -4,8 +4,14 @@ release of the tool. See README.md for the general instruction manual.
 ### Version ++4.05a (dev)
- - your PR? :)
-
+ - afl-fuzz:
+ - added afl_custom_fuzz_send custom mutator feature. Now your can send fuzz data to the target as you need, e.g. via IPC.
+ - cmplog mode now has -l R option for random colorization, thanks to guyf2010 for the PR!
+ - afl-showmap/afl-cmin
+ - -t none now translates to -t 120000 (120 seconds)
+ - unicorn_mode updated
 ### Version ++4.04c (release)
 - fix gramatron and grammar_mutator build scripts
diff --git a/docs/INSTALL.md b/docs/INSTALL.md
index 86ba916f..591b7ded 100644
--- a/docs/INSTALL.md
+++ b/docs/INSTALL.md
@@ -83,6 +83,7 @@ These build options exist:
 * UBSAN_BUILD - compiles AFL++ tools with undefined behaviour sanitizer for debug purposes
 * DEBUG - no optimization, -ggdb3, all warnings and -Werror
+* LLVM_DEBUG - shows llvm deprecation warnings
 * PROFILING - compile afl-fuzz with profiling information
 * INTROSPECTION - compile afl-fuzz with mutation introspection
 * NO_PYTHON - disable python support
diff --git a/docs/custom_mutators.md b/docs/custom_mutators.md
index 6b72430a..4ffeda7a 100644
--- a/docs/custom_mutators.md
+++ b/docs/custom_mutators.md
@@ -57,6 +57,7 @@ int afl_custom_post_trim(void *data, unsigned char success);
 size_t afl_custom_havoc_mutation(void *data, unsigned char *buf, size_t buf_size, unsigned char **out_buf, size_t max_size);
 unsigned char afl_custom_havoc_mutation_probability(void *data);
 unsigned char afl_custom_queue_get(void *data, const unsigned char *filename);
+void (*afl_custom_fuzz_send)(void *data, const u8 *buf, size_t buf_size);
 u8 afl_custom_queue_new_entry(void *data, const unsigned char *filename_new_queue, const unsigned int *filename_orig_queue);
 const char* afl_custom_introspection(my_mutator_t *data);
 void afl_custom_deinit(void *data);
@@ -98,6 +99,9 @@ def havoc_mutation_probability():
 def queue_get(filename):
 return True
+def fuzz_send(buf):
+ pass
+
 def queue_new_entry(filename_new_queue, filename_orig_queue):
 return False
@@ -168,6 +172,13 @@ def deinit(): # optional for Python to the target, e.g. if it is too short, too corrupted, etc. If so, return a NULL buffer and zero length (or a 0 length string in Python).
+- `fuzz_send` (optional):
+ This method can be used if you want to send data to the target yourself, e.g. via IPC. This replaces some usage of utils/afl_proxy but requires that you start the target with afl-fuzz.
+ Example: [custom_mutators/examples/custom_send.c](custom_mutators/examples/custom_send.c)
+
 - `queue_new_entry` (optional):
 This methods is called after adding a new test case to the queue. If the 
@@ -269,10 +280,10 @@ sudo apt install python-dev
 ```
 Then, AFL++ can be compiled with Python support. The AFL++ Makefile detects
-Python 2 and 3 through `python-config` if it is in the PATH and compiles
-`afl-fuzz` with the feature if available.
+Python3 through `python-config`/`python3-config` if it is in the PATH and
+compiles `afl-fuzz` with the feature if available.
-Note: for some distributions, you might also need the package `python[23]-apt`.
+Note: for some distributions, you might also need the package `python[3]-apt`.
 In case your setup is different, set the necessary variables like this: `PYTHON_INCLUDE=/path/to/python/include LDFLAGS=-L/path/to/python/lib make`. |