ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-12 18:18:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update FAQ.md

Browse Source
This commit is contained in:
llzmb
2021-09-03 12:50:28 +02:00
parent 583b8e849b
commit d63afa5046
1 changed files with 107 additions and 109 deletions
Download Patch File Download Diff File Expand all files Collapse all files

70
docs/FAQ.md
View File

@ -3,31 +3,10 @@
If you find an interesting or important question missing, submit it via
[https://github.com/AFLplusplus/AFLplusplus/discussions](https://github.com/AFLplusplus/AFLplusplus/discussions).
### General
## General
* [What is the difference between AFL and AFL++?](#what-is-the-difference-between-afl-and-afl)
* [Where can I find tutorials?](#where-can-i-find-tutorials)
* [What is an "edge"?](#what-is-an-edge)
### Targets
* [How can I fuzz a binary-only target?](#how-can-i-fuzz-a-binary-only-target)
* [How can I fuzz a network service?](#how-can-i-fuzz-a-network-service)
* [How can I fuzz a GUI program?](#how-can-i-fuzz-a-gui-program)
### Performance
* [How can I improve the fuzzing speed?](#how-can-i-improve-the-fuzzing-speed)
* [Why is my stability below 100%?](#why-is-my-stability-below-100)
* [How can I improve the stability value?](#how-can-i-improve-the-stability-value)
### Troubleshooting
* [I got a weird compile error from clang](#i-got-a-weird-compile-error-from-clang)
## Questions & answers
### What is the difference between AFL and AFL++?
<details>
<summary>What is the difference between AFL and AFL++?</summary>
AFL++ is a superior fork to Google's AFL - more speed, more and better mutations, more and better instrumentation, custom module support, etc.
@ -41,12 +20,16 @@ This already resulted in a much advanced AFL.
Until the end of 2019, the AFL++ team had grown to four active developers which then implemented their own research and features, making it now by far the most flexible and feature rich guided fuzzer available as open source.
And in independent fuzzing benchmarks it is one of the best fuzzers available, e.g. [Fuzzbench Report](https://www.fuzzbench.com/reports/2020-08-03/index.html).
</details>
### Where can I find tutorials?
<details>
<summary>Where can I find tutorials?</summary>
We compiled a list of tutorials and exercises, see [tutorials.md](tutorials.md).
</details>
### What is an "edge"?
<details>
<summary>What is an "edge"?</summary>
A program contains `functions`, `functions` contain the compiled machine code.
The compiled machine code in a `function` can be in a single or many `basic blocks`.
@ -89,32 +72,46 @@ An `edge` is then the unique relationship between two directly connected `basic
Every line between two blocks is an `edge`.
Note that a few basic block loop to itself, this too would be an edge.
</details>
### How can I fuzz a binary-only target?
## Targets
<details>
<summary>How can I fuzz a binary-only target?</summary>
AFL++ is a great fuzzer if you have the source code available.
However, if there is only the binary program and no source code available, then the standard non-instrumented mode is not effective.
To learn how these binaries can be fuzzed, read [binaryonly_fuzzing.md](binaryonly_fuzzing.md).
</details>
### How can I fuzz a network service?
<details>
<summary>How can I fuzz a network service?</summary>
The short answer is - you cannot, at least not "out of the box".
For more information on fuzzing network services, see [best_practices.md#fuzzing-a-network-service](best_practices.md#fuzzing-a-network-service).
</details>
### How can I fuzz a GUI program?
<details>
<summary>How can I fuzz a GUI program?</summary>
Not all GUI programs are suitable for fuzzing. If the GUI program can read the fuzz data from a file without needing any user interaction, then it would be suitable for fuzzing.
For more information on fuzzing GUI programs, see [best_practices.md#fuzzing-a-gui-program](best_practices.md#fuzzing-a-gui-program).
</details>
### How can I improve the fuzzing speed?
## Performance
<details>
<summary>How can I improve the fuzzing speed?</summary>
There are a few things you can do to improve the fuzzing speed, see [best_practices.md#improving-speed](best_practices.md#improving-speed).
</details>
### Why is my stability below 100%?
<details>
<summary>Why is my stability below 100%?</summary>
Stability is measured by how many percent of the edges in the target are "stable".
Sending the same input again and again should take the exact same path through the target every time.
@ -128,13 +125,13 @@ The more "unstable" edges, the more difficult for AFL++ to identify valid new pa
A value above 90% is usually fine and a value above 80% is also still ok, and even a value above 20% can still result in successful finds of bugs.
However, it is recommended that for values below 90% or 80% you should take countermeasures to improve stability.
### How can I improve the stability value?
This depends on the target and the instrumentation.
For more information on stability and how to improve the stability value, see [best_practices.md#improving-stability](best_practices.md#improving-stability).
</details>
### I got a weird compile error from clang
## Troubleshooting
<details>
<summary>I got a weird compile error from clang.</summary>
If you see this kind of error when trying to instrument a target with afl-cc/afl-clang-fast/afl-clang-lto:
@ -153,3 +150,4 @@ clang-13: note: diagnostic msg:
Then this means that your OS updated the clang installation from an upgrade package and because of that the AFL++ llvm plugins do not match anymore.
Solution: `git pull ; make clean install` of AFL++.
</details>