ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-20 05:23:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

update binary-only doc

Browse Source
This commit is contained in:
vanhauser-thc
2021-05-22 12:08:19 +02:00
parent bd1ceb42c4
commit 9e6e7e8fe8
1 changed files with 19 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
docs/binaryonly_fuzzing.md
View File

@ -42,6 +42,23 @@
As it is included in afl++ this needs no URL. As it is included in afl++ this needs no URL.
## AFL FRIDA
In frida_mode you can fuzz binary-only targets easily like with QEMU,
with the advantage that frida_mode also works on MacOS (both intel and M1).
If you want to fuzz a binary-only library then you can fuzz it with
frida-gum via utils/afl_frida/, you will have to write a harness to
call the target function in the library, use afl-frida.c as a template.
Both come with afl++ so this needs no URL.
You can also perform remote fuzzing with frida, e.g. if you want to fuzz
on iPhone or Android devices, for this you can use
[https://github.com/ttdennis/fpicker/](https://github.com/ttdennis/fpicker/)
as an intermediate that uses afl++ for fuzzing.
## WINE+QEMU ## WINE+QEMU
Wine mode can run Win32 PE binaries with the QEMU instrumentation. Wine mode can run Win32 PE binaries with the QEMU instrumentation.
@ -62,13 +79,6 @@
As it is included in afl++ this needs no URL. As it is included in afl++ this needs no URL.
## AFL FRIDA
If you want to fuzz a binary-only shared library then you can fuzz it with
frida-gum via utils/afl_frida/, you will have to write a harness to
call the target function in the library, use afl-frida.c as a template.
## AFL UNTRACER ## AFL UNTRACER
If you want to fuzz a binary-only shared library then you can fuzz it with If you want to fuzz a binary-only shared library then you can fuzz it with
@ -157,19 +167,6 @@
If anyone finds any coresight implementation for afl please ping me: vh@thc.org If anyone finds any coresight implementation for afl please ping me: vh@thc.org
## FRIDA
Frida is a dynamic instrumentation engine like Pintool, Dyninst and Dynamorio.
What is special is that it is written Python, and scripted with Javascript.
It is mostly used to reverse binaries on mobile phones however can be used
everywhere.
There is a WIP fuzzer available at [https://github.com/andreafioraldi/frida-fuzzer](https://github.com/andreafioraldi/frida-fuzzer)
There is also an early implementation in an AFL++ test branch:
[https://github.com/AFLplusplus/AFLplusplus/tree/frida](https://github.com/AFLplusplus/AFLplusplus/tree/frida)
## PIN & DYNAMORIO ## PIN & DYNAMORIO
Pintool and Dynamorio are dynamic instrumentation engines, and they can be Pintool and Dynamorio are dynamic instrumentation engines, and they can be
@ -205,7 +202,8 @@
* QSYM: [https://github.com/sslab-gatech/qsym](https://github.com/sslab-gatech/qsym) * QSYM: [https://github.com/sslab-gatech/qsym](https://github.com/sslab-gatech/qsym)
* Manticore: [https://github.com/trailofbits/manticore](https://github.com/trailofbits/manticore) * Manticore: [https://github.com/trailofbits/manticore](https://github.com/trailofbits/manticore)
* S2E: [https://github.com/S2E](https://github.com/S2E) * S2E: [https://github.com/S2E](https://github.com/S2E)
* Tinyinst [https://github.com/googleprojectzero/TinyInst](https://github.com/googleprojectzero/TinyInst) (Mac/Windows only) * Tinyinst: [https://github.com/googleprojectzero/TinyInst](https://github.com/googleprojectzero/TinyInst) (Mac/Windows only)
* Jackalope: [https://github.com/googleprojectzero/Jackalope](https://github.com/googleprojectzero/Jackalope)
* ... please send me any missing that are good * ... please send me any missing that are good