From 2fe7889912c9bb340f302a037585b7b1836ac94f Mon Sep 17 00:00:00 2001
From: Andrea Fioraldi
Date: Mon, 3 Feb 2020 13:11:10 +0100
Subject: move custom and pythoon mutators examples into examples/
---
examples/custom_mutators/README | 2 ++
examples/custom_mutators/simple_mutator.c | 49 +++++++++++++++++++++++++++++++
2 files changed, 51 insertions(+)
create mode 100644 examples/custom_mutators/README
create mode 100644 examples/custom_mutators/simple_mutator.c
(limited to 'examples/custom_mutators')
diff --git a/examples/custom_mutators/README b/examples/custom_mutators/README
new file mode 100644
index 00000000..e83baa67
--- /dev/null
+++ b/examples/custom_mutators/README
@@ -0,0 +1,2 @@
+This is a simple example for the AFL_CUSTOM_MUTATOR_LIBRARY feature.
+For more information see docs/custom_mutator.txt
diff --git a/examples/custom_mutators/simple_mutator.c b/examples/custom_mutators/simple_mutator.c
new file mode 100644
index 00000000..bf655679
--- /dev/null
+++ b/examples/custom_mutators/simple_mutator.c
@@ -0,0 +1,49 @@
+/*
+ Simple Custom Mutator for AFL
+
+ Written by Khaled Yakdan
+
+ This a simple mutator that assumes that the generates messages starting with
+ one of the three strings GET, PUT, or DEL followed by a payload. The mutator
+ randomly selects a commend and mutates the payload of the seed provided as
+ input.
+*/
+
+#include
+#include
+#include
+
+static const char *commands[] = {
+
+ "GET",
+ "PUT",
+ "DEL",
+
+};
+
+static size_t data_size = 100;
+
+size_t afl_custom_mutator(uint8_t *data, size_t size, uint8_t *mutated_out,
+ size_t max_size, unsigned int seed) {
+
+ // Seed the PRNG
+ srand(seed);
+
+ // Make sure that the packet size does not exceed the maximum size expected by
+ // the fuzzer
+ size_t mutated_size = data_size <= max_size ? data_size : max_size;
+
+ // Randomly select a command string to add as a header to the packet
+ memcpy(mutated_out, commands[rand() % 3], 3);
+
+ // Mutate the payload of the packet
+ for (int i = 3; i < mutated_size; i++) {
+
+ mutated_out[i] = (data[i] + rand() % 10) & 0xff;
+
+ }
+
+ return mutated_size;
+
+}
+
-- cgit 1.4.1
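Review bot: The payload loop in `afl_custom_mutator` reads `data[i]` for every index up to `mutated_size`, which is derived only from `data_size` (100) and `max_size`; the `size` parameter is never consulted, so a seed shorter than 100 bytes is read past its end. Bound the read by the input length, e.g. `for (size_t i = 3; i < mutated_size; i++)` with `mutated_out[i] = ((i < size ? data[i] : 0) + rand() % 10) & 0xff;`, which also removes the signed/unsigned comparison between `int i` and `size_t mutated_size`. The `memcpy(mutated_out, commands[rand() % 3], 3)` before the loop writes three bytes unconditionally, so a `max_size` below 3 would overrun `mutated_out` while a smaller length is returned; an early guard such as `if (max_size < 3) return 0;` would cover that, assuming the fuzzer accepts a zero-length result. Since this file is an example that users are likely to copy, a short comment stating that `size` is the valid length of `data` and `max_size` the capacity of `mutated_out` would help as well.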