Fuzzing in persistent mode and got hard-to-replay crashes a few hundred executions in?
There's a handy flag in afl++: AFL_PERSISTENT_RECORD
With this compile-time and run-time flag, afl-fuzz will store every single input it delivered to the target leading up to a crash.
So, say the target forked, ran 300 executions, then crashed: you will have the complete trace of 300 inputs leading up to the crashing program state.
This way you can replay traces for more stateful crashes.
domenuk
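An added replay helper for the feature described above (example code, not from the post or from afl++): it assumes afl-fuzz was built with AFL_PERSISTENT_RECORD defined in include/config.h and run with AFL_PERSISTENT_RECORD=<N> in the environment, so that the crashes/ directory holds the recorded inputs as files named RECORD:<id>,cnt:<n>, and it assumes a harness that, when run outside afl-fuzz, processes the files given on its command line in order inside the same persistent loop.

```sh
#!/bin/sh
# Replay a recorded persistent-mode trace in the order afl-fuzz delivered it.
# Assumptions (see lead-in): afl-fuzz built with AFL_PERSISTENT_RECORD defined
# and run with AFL_PERSISTENT_RECORD=<N>, producing crashes/RECORD:<id>,cnt:<n>
# files; the harness accepts the input files as arguments and runs them in
# sequence in one process, so the state built up by earlier inputs survives.

# Print the recorded inputs belonging to one trace id, ordered by their
# cnt counter (sorted numerically on the digits after "cnt:", so the order
# does not depend on zero padding).
ordered_records() {
    dir="$1"; id="$2"
    for f in "$dir"/RECORD:"$id",cnt:*; do
        [ -e "$f" ] && printf '%s\n' "$f"
    done | sort -t, -k2.5n
}

# Feed the whole trace to the harness in one invocation, e.g.
#   replay_trace out/default/crashes 000003 ./harness_replay
# Every argument after the id is the harness command; the ordered input paths
# are appended to it.
replay_trace() {
    dir="$1"; id="$2"; shift 2
    ordered_records "$dir" "$id" | xargs "$@"
}
```

If a trace replays cleanly on its own but the crash only reproduces with the full sequence, the bug depends on state carried across iterations, which is exactly the case the recorded trace is meant to capture.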