blob: 93e8f35a9975b9a960ffa87ece0919b7414d28d4
# afl-frida - faster fuzzing of binary-only libraries
## Introduction
afl-frida is an example skeleton file that can easily be adapted to fuzz
a closed-source library.
It requires less memory and is 5-10x faster than qemu_mode, but it does not
provide advanced features such as compcov or cmplog.
## How-to
### Modify afl-frida.c
Read and modify afl-frida.c, then run `make`.
To adapt afl-frida.c to your needs, read the header comment of the file and then
search for and edit the `STEP 1`, `STEP 2` and `STEP 3` locations.
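To make the three-step pattern concrete, here is an added stand-in harness in the same shape: a target entry point, a `breakpoint` function to stop on, and a `fuzz` function that runs one test case. This is example code written for this README, not afl-frida.c itself and not from the hotwax project; it does not use Frida, and `target_parse`, its TLV record format, and `run_file` are constructed placeholders for whatever the closed-source library you adapt the skeleton to actually exports.

```c
/* Added example: a minimal stand-in harness in the shape afl-frida.c is a
 * skeleton for. It is NOT afl-frida.c and does not use Frida; target_parse,
 * the TLV format, breakpoint() and fuzz() are constructed for illustration. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* STEP 1 (hypothetical): the library function you want to fuzz. A real
 * harness would declare the closed-source entry point here instead.
 * This stand-in parses a tiny TLV byte stream: [type][vlen][vlen bytes]...
 * and returns the number of records, or -1 if the buffer is malformed. */
int target_parse(const uint8_t *data, size_t len) {
    size_t off = 0;
    int records = 0;
    while (off + 2 <= len) {
        uint8_t type = data[off];
        uint8_t vlen = data[off + 1];
        if (type == 0) return -1;              /* type 0 is reserved */
        if (off + 2 + vlen > len) return -1;   /* value runs past the buffer */
        off += 2 + (size_t)vlen;
        records++;
    }
    return off == len ? records : -1;          /* reject trailing bytes */
}

/* STEP 2: a function that exists only so a debugger can `break breakpoint`
 * right before the target is called. noinline keeps the symbol around. */
__attribute__((noinline)) void breakpoint(void) {
    __asm__ volatile("");
}

/* STEP 3: the per-test-case entry point. The input is copied into a heap
 * buffer sized exactly to its length so that an over-read in the target
 * shows up as an invalid access rather than silently reading stack slack. */
__attribute__((noinline)) int fuzz(const uint8_t *in, size_t len) {
    uint8_t *copy = malloc(len ? len : 1);
    if (!copy) return -1;
    if (len) memcpy(copy, in, len);
    breakpoint();
    int rc = target_parse(copy, len);
    free(copy);
    return rc;
}

/* Driver: read one test case (file argument or stdin) and run fuzz() on it. */
static int run_file(FILE *f) {
    uint8_t buf[1 << 16];
    size_t len = fread(buf, 1, sizeof buf, f);
    return fuzz(buf, len);
}

int main(int argc, char **argv) {
    FILE *f = argc > 1 ? fopen(argv[1], "rb") : stdin;
    if (!f) { perror("fopen"); return 1; }
    int rc = run_file(f);
    if (f != stdin) fclose(f);
    printf("fuzz() returned %d\n", rc);
    return 0;
}
```

Build it with `cc -g -O1 -o harness harness.c` and pass a test case as the first argument; with `gdb ./harness`, `break breakpoint` and `break fuzz` stop at the same two points the Testing and debugging section below refers to in the real skeleton.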
### Fuzzing
Example (after modifying afl-frida.c to your needs and compiling it):
```
afl-fuzz -i in -o out -- ./afl-frida
```
(or even remote via afl-network-proxy).
### Testing and debugging
For testing/debugging you can try:
```
make DEBUG=1
AFL_DEBUG=1 gdb ./afl-frida
```
and then you can easily set breakpoints on the `breakpoint` and `fuzz` functions.
## Background
Most of this code is copied from https://github.com/meme/hotwax