How to use afl-fuzz (American Fuzzy Lop) with openssl

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP












1














I am trying to use afl-fuzz with openssl in Ubuntu. A normal usage of afl-fuzz would be:



afl-gcc test.c //-- this will produce a.out

mkdir testcases
echo "Test case here." > testcases/case1

afl-fuzz -i testcases -o findings ./a.out


Now for openssl it would be something like:



afl-gcc ./config
make //-- not sure of this :)
afl-fuzz -i test -o findings <exe_name>


where "test" is the folder with testcases for openssl



My question is what is the parameter for "exe_name" for openssl? And please correct me if i'm wrong with the rest of the code. Thank you










share|improve this question























  • Do you remember doing it? I am also compiling openssl with afl-gcc but it is causing issues
    – aneela
    Dec 28 '18 at 6:47















1














I am trying to use afl-fuzz with openssl in Ubuntu. A normal usage of afl-fuzz would be:



afl-gcc test.c //-- this will produce a.out

mkdir testcases
echo "Test case here." > testcases/case1

afl-fuzz -i testcases -o findings ./a.out


Now for openssl it would be something like:



afl-gcc ./config
make //-- not sure of this :)
afl-fuzz -i test -o findings <exe_name>


where "test" is the folder with testcases for openssl



My question is what is the parameter for "exe_name" for openssl? And please correct me if i'm wrong with the rest of the code. Thank you










share|improve this question























  • Do you remember doing it? I am also compiling openssl with afl-gcc but it is causing issues
    – aneela
    Dec 28 '18 at 6:47













1












1








1







I am trying to use afl-fuzz with openssl in Ubuntu. A normal usage of afl-fuzz would be:



afl-gcc test.c //-- this will produce a.out

mkdir testcases
echo "Test case here." > testcases/case1

afl-fuzz -i testcases -o findings ./a.out


Now for openssl it would be something like:



afl-gcc ./config
make //-- not sure of this :)
afl-fuzz -i test -o findings <exe_name>


where "test" is the folder with testcases for openssl



My question is what is the parameter for "exe_name" for openssl? And please correct me if i'm wrong with the rest of the code. Thank you










share|improve this question















I am trying to use afl-fuzz with openssl in Ubuntu. A normal usage of afl-fuzz would be:



afl-gcc test.c //-- this will produce a.out

mkdir testcases
echo "Test case here." > testcases/case1

afl-fuzz -i testcases -o findings ./a.out


Now for openssl it would be something like:



afl-gcc ./config
make //-- not sure of this :)
afl-fuzz -i test -o findings <exe_name>


where "test" is the folder with testcases for openssl



My question is what is the parameter for "exe_name" for openssl? And please correct me if i'm wrong with the rest of the code. Thank you







shell-script ubuntu gcc openssl testing






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Jun 4 '15 at 5:33







Bigulinis

















asked Jun 4 '15 at 5:15









BigulinisBigulinis

63




63











  • Do you remember doing it? I am also compiling openssl with afl-gcc but it is causing issues
    – aneela
    Dec 28 '18 at 6:47
















  • Do you remember doing it? I am also compiling openssl with afl-gcc but it is causing issues
    – aneela
    Dec 28 '18 at 6:47















Do you remember doing it? I am also compiling openssl with afl-gcc but it is causing issues
– aneela
Dec 28 '18 at 6:47




Do you remember doing it? I am also compiling openssl with afl-gcc but it is causing issues
– aneela
Dec 28 '18 at 6:47










2 Answers
2






active

oldest

votes


















0














I'm exactly sure what you mean by "parameter for "exe_name" for openssl", but:



afl-fuzz -i test -o findings ~/path/to/binary/to/fuzz @@


will fuzz the binary at ~/path/to/binary/to/fuzz, substituting @@ with the path the mutated test case generated from the seed files in test.






share|improve this answer




























    0














    You cannot use openssl binary just as it is. You need to write a separete program that will use openssl libraries and then fuzz its exe with afl-fuzz.



    Whole process will go like that



    Download openssl



    1. ./config // If you disable something here like no-comp then you have to run`make depend`.
    2. Replace gcc with afl-gcc in Makefile
    3. make && make install


    This process will compile openssl with afl-gcc and you can look how instrumention will be added to object files. In end you will get libssl.a and libcrypto.a files in openssl directory.



    After successful compilation of openssl, use it in a sample application say sample.c and then compile this file



    4. afl-gcc sample.c -o sample libssl.a libcrypto.a -ldl


    and then finally perform fuzzing
    5. afl-fuzz -i testcases -o findings -m none -- ./sample



    You can look at this and this to get some idea and even find sample files.






    share|improve this answer




















      Your Answer








      StackExchange.ready(function()
      var channelOptions =
      tags: "".split(" "),
      id: "106"
      ;
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function()
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled)
      StackExchange.using("snippets", function()
      createEditor();
      );

      else
      createEditor();

      );

      function createEditor()
      StackExchange.prepareEditor(
      heartbeatType: 'answer',
      autoActivateHeartbeat: false,
      convertImagesToLinks: false,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: null,
      bindNavPrevention: true,
      postfix: "",
      imageUploader:
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      ,
      onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      );



      );













      draft saved

      draft discarded


















      StackExchange.ready(
      function ()
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f207442%2fhow-to-use-afl-fuzz-american-fuzzy-lop-with-openssl%23new-answer', 'question_page');

      );

      Post as a guest















      Required, but never shown

























      2 Answers
      2






      active

      oldest

      votes








      2 Answers
      2






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes









      0














      I'm exactly sure what you mean by "parameter for "exe_name" for openssl", but:



      afl-fuzz -i test -o findings ~/path/to/binary/to/fuzz @@


      will fuzz the binary at ~/path/to/binary/to/fuzz, substituting @@ with the path the mutated test case generated from the seed files in test.






      share|improve this answer

























        0














        I'm exactly sure what you mean by "parameter for "exe_name" for openssl", but:



        afl-fuzz -i test -o findings ~/path/to/binary/to/fuzz @@


        will fuzz the binary at ~/path/to/binary/to/fuzz, substituting @@ with the path the mutated test case generated from the seed files in test.






        share|improve this answer























          0












          0








          0






          I'm exactly sure what you mean by "parameter for "exe_name" for openssl", but:



          afl-fuzz -i test -o findings ~/path/to/binary/to/fuzz @@


          will fuzz the binary at ~/path/to/binary/to/fuzz, substituting @@ with the path the mutated test case generated from the seed files in test.






          share|improve this answer












          I'm exactly sure what you mean by "parameter for "exe_name" for openssl", but:



          afl-fuzz -i test -o findings ~/path/to/binary/to/fuzz @@


          will fuzz the binary at ~/path/to/binary/to/fuzz, substituting @@ with the path the mutated test case generated from the seed files in test.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Jul 3 '15 at 23:25









          Joseph RedfernJoseph Redfern

          1761




          1761























              0














              You cannot use openssl binary just as it is. You need to write a separete program that will use openssl libraries and then fuzz its exe with afl-fuzz.



              Whole process will go like that



              Download openssl



              1. ./config // If you disable something here like no-comp then you have to run`make depend`.
              2. Replace gcc with afl-gcc in Makefile
              3. make && make install


              This process will compile openssl with afl-gcc and you can look how instrumention will be added to object files. In end you will get libssl.a and libcrypto.a files in openssl directory.



              After successful compilation of openssl, use it in a sample application say sample.c and then compile this file



              4. afl-gcc sample.c -o sample libssl.a libcrypto.a -ldl


              and then finally perform fuzzing
              5. afl-fuzz -i testcases -o findings -m none -- ./sample



              You can look at this and this to get some idea and even find sample files.






              share|improve this answer

























                0














                You cannot use openssl binary just as it is. You need to write a separete program that will use openssl libraries and then fuzz its exe with afl-fuzz.



                Whole process will go like that



                Download openssl



                1. ./config // If you disable something here like no-comp then you have to run`make depend`.
                2. Replace gcc with afl-gcc in Makefile
                3. make && make install


                This process will compile openssl with afl-gcc and you can look how instrumention will be added to object files. In end you will get libssl.a and libcrypto.a files in openssl directory.



                After successful compilation of openssl, use it in a sample application say sample.c and then compile this file



                4. afl-gcc sample.c -o sample libssl.a libcrypto.a -ldl


                and then finally perform fuzzing
                5. afl-fuzz -i testcases -o findings -m none -- ./sample



                You can look at this and this to get some idea and even find sample files.






                share|improve this answer























                  0












                  0








                  0






                  You cannot use openssl binary just as it is. You need to write a separete program that will use openssl libraries and then fuzz its exe with afl-fuzz.



                  Whole process will go like that



                  Download openssl



                  1. ./config // If you disable something here like no-comp then you have to run`make depend`.
                  2. Replace gcc with afl-gcc in Makefile
                  3. make && make install


                  This process will compile openssl with afl-gcc and you can look how instrumention will be added to object files. In end you will get libssl.a and libcrypto.a files in openssl directory.



                  After successful compilation of openssl, use it in a sample application say sample.c and then compile this file



                  4. afl-gcc sample.c -o sample libssl.a libcrypto.a -ldl


                  and then finally perform fuzzing
                  5. afl-fuzz -i testcases -o findings -m none -- ./sample



                  You can look at this and this to get some idea and even find sample files.






                  share|improve this answer












                  You cannot use openssl binary just as it is. You need to write a separete program that will use openssl libraries and then fuzz its exe with afl-fuzz.



                  Whole process will go like that



                  Download openssl



                  1. ./config // If you disable something here like no-comp then you have to run`make depend`.
                  2. Replace gcc with afl-gcc in Makefile
                  3. make && make install


                  This process will compile openssl with afl-gcc and you can look how instrumention will be added to object files. In end you will get libssl.a and libcrypto.a files in openssl directory.



                  After successful compilation of openssl, use it in a sample application say sample.c and then compile this file



                  4. afl-gcc sample.c -o sample libssl.a libcrypto.a -ldl


                  and then finally perform fuzzing
                  5. afl-fuzz -i testcases -o findings -m none -- ./sample



                  You can look at this and this to get some idea and even find sample files.







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Dec 28 '18 at 8:08









                  aneelaaneela

                  11114




                  11114



























                      draft saved

                      draft discarded
















































                      Thanks for contributing an answer to Unix & Linux Stack Exchange!


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid


                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.

                      To learn more, see our tips on writing great answers.





                      Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


                      Please pay close attention to the following guidance:


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid


                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.

                      To learn more, see our tips on writing great answers.




                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function ()
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f207442%2fhow-to-use-afl-fuzz-american-fuzzy-lop-with-openssl%23new-answer', 'question_page');

                      );

                      Post as a guest















                      Required, but never shown





















































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown

































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown






                      Popular posts from this blog

                      How to check contact read email or not when send email to Individual?

                      Displaying single band from multi-band raster using QGIS

                      How many registers does an x86_64 CPU actually have?