From 744ad172e12e051117e54b2e97f3727532190064 Mon Sep 17 00:00:00 2001 From: martinclauss <51541424+martinclauss@users.noreply.github.com> Date: Tue, 1 Mar 2022 15:42:04 +0100 Subject: Update fuzzing_in_depth.md add libdesock as an additional way to ease the fuzzing for network servers (#1341) --- docs/fuzzing_in_depth.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'docs/fuzzing_in_depth.md') diff --git a/docs/fuzzing_in_depth.md b/docs/fuzzing_in_depth.md index ac72c757..a9151a25 100644 --- a/docs/fuzzing_in_depth.md +++ b/docs/fuzzing_in_depth.md @@ -817,9 +817,9 @@ Here are some of the most important caveats for AFL++: - There is no direct support for fuzzing network services, background daemons, or interactive apps that require UI interaction to work. You may need to make - simple code changes to make them behave in a more traditional way. Preeny may + simple code changes to make them behave in a more traditional way. Preeny or libdesock may offer a relatively simple option, too - see: - [https://github.com/zardus/preeny](https://github.com/zardus/preeny) + [https://github.com/zardus/preeny](https://github.com/zardus/preeny) or [https://github.com/fkie-cad/libdesock](https://github.com/fkie-cad/libdesock) Some useful tips for modifying network-based services can be also found at: [https://www.fastly.com/blog/how-to-fuzz-server-american-fuzzy-lop](https://www.fastly.com/blog/how-to-fuzz-server-american-fuzzy-lop) -- cgit 1.4.1 From a133aa91064df78298f762b5dc52e69ae7b0ae96 Mon Sep 17 00:00:00 2001 From: "Richard W.M. Jones" Date: Fri, 18 Mar 2022 15:47:20 +0000 Subject: docs: Document linker scripts change required in some projects AFL instrumentation modifies the binary to export extra symbols which must be visible if the main binary dlopen()s an instrumented DLL. This change was required by nbdkit since it uses a linker script to limit the symbols exported from the main binary: https://gitlab.com/nbdkit/nbdkit/-/commit/355cacb812126f5e37a2468f6939821b15017373 Signed-off-by: Richard W.M. Jones --- docs/fuzzing_in_depth.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'docs/fuzzing_in_depth.md') diff --git a/docs/fuzzing_in_depth.md b/docs/fuzzing_in_depth.md index ac72c757..f7f5f2e8 100644 --- a/docs/fuzzing_in_depth.md +++ b/docs/fuzzing_in_depth.md @@ -333,6 +333,24 @@ is a non-standard way to set this, otherwise set up the build normally and edit the generated build environment afterwards manually to point it to the right compiler (and/or `RANLIB` and `AR`). +#### Linker scripts + +If the project uses linker scripts to hide the symbols exported by the +binary, then you may see errors such as: + +``` +undefined symbol: __afl_area_ptr +``` + +The solution is to modify the linker script to add: + +``` +{ + global: + __afl_*; +} +``` + ### f) Better instrumentation If you just fuzz a target program as-is, you are wasting a great opportunity for -- cgit 1.4.1