A Fuzzing Quick-start with AFL

David Moore
Published in Fuzz Stati0n
Aug 22, 2017

Want to try fuzz testing with the AFL fuzzer? AFL is easy to use, but you still need a target application to point it at.

Fuzz Stati0n has created Fuzzgoat, a small C program seeded with several deliberate memory corruption bugs that AFL finds easily. That makes it a very convenient first fuzz testing target.

To fuzz test Fuzzgoat with AFL:

  1. Download AFL from http://lcamtuf.coredump.cx/afl/releases/afl-latest.tgz, unpack it and build it with make (then either make install or add the build directory to your PATH). See the AFL quick start guide and docs for more information.
  2. Clone the Fuzzgoat repo. Fuzzgoat builds with make and compiles with afl-gcc, so the resulting binary carries AFL's instrumentation. With afl-gcc in your PATH, run: make
  3. Start the fuzzer. With afl-fuzz in your PATH, run the following command from the fuzzgoat/ directory (in/ holds the seed inputs, out/ receives the findings, and @@ is replaced by the path of each generated test case):

afl-fuzz -i in -o out ./fuzzgoat @@

If all goes well the fuzz run will start and you will see the AFL status screen. On some systems AFL will refuse to start until two configuration changes are made (core dump handling, via /proc/sys/kernel/core_pattern, and the CPU frequency scaling governor); AFL's error message tells you exactly what to change.

AFL finds the memory bugs in Fuzzgoat very quickly: the 'uniq crashes' counter on the status screen should start climbing within minutes, and the input file that triggered each crash is saved under out/crashes/ so you can reproduce it against the target binary.
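The whole procedure as one script: the two pre-flight checks AFL performs, the build and a bounded fuzz run, and a replay of out/crashes/ afterwards to confirm which saved inputs still kill the binary. This is an added example and is not code from the post or from Fuzz Stati0n; it assumes afl-gcc and afl-fuzz are on PATH and that it is run from the fuzzgoat/ checkout, and the helper names (core_pattern_ok, cpu_governor_ok, replay_crashes), the FUZZGOAT_RUN switch and the FUZZ_SECONDS duration are this example's own conventions.

```shell
#!/bin/bash
# Added example, not from the post or Fuzz Stati0n. Assumes afl-gcc/afl-fuzz are
# on PATH and that the script is run from the fuzzgoat/ checkout. The helper
# names and the FUZZGOAT_RUN / FUZZ_SECONDS switches are this example's own.
set -u

# AFL refuses to start when crashes would be handed to an external program
# (core_pattern beginning with '|', e.g. apport or systemd-coredump), because a
# slow handler makes real crashes look like timeouts. Returns 0 when safe.
core_pattern_ok() {
    case "$1" in
        '|'*) return 1 ;;
        *)    return 0 ;;
    esac
}

# AFL also complains when the CPU frequency governor is not 'performance'
# (its own check additionally accepts a governor whose min and max frequency
# are pinned equal; this helper applies the simple rule).
cpu_governor_ok() {
    [ "$1" = "performance" ]
}

# Re-run the target on every file AFL saved under crashes/ and print the ones
# that still kill the process with a signal (exit status 128 + signal number).
# Anything that does not reproduce deserves a second look before filing it.
replay_crashes() {
    local target=$1 dir=$2 f rc
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case "$(basename "$f")" in README*) continue ;; esac   # AFL leaves a README.txt there
        rc=0
        "$target" "$f" >/dev/null 2>&1 || rc=$?
        if [ "$rc" -ge 128 ]; then
            echo "$f: killed by signal $((rc - 128))"
        fi
    done
}

main() {
    local pattern governor
    pattern=$(cat /proc/sys/kernel/core_pattern 2>/dev/null || true)
    if ! core_pattern_ok "$pattern"; then
        echo "core_pattern is '$pattern'; fix with: echo core | sudo tee /proc/sys/kernel/core_pattern" >&2
        exit 1
    fi
    governor=$(cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor 2>/dev/null || echo performance)
    if ! cpu_governor_ok "$governor"; then
        echo "governor is '$governor'; fix with: echo performance | sudo tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor" >&2
        echo "(or export AFL_SKIP_CPUFREQ=1 to accept slower fuzzing)" >&2
        exit 1
    fi

    make                                   # fuzzgoat's Makefile compiles with afl-gcc
    # Fuzzgoat's bugs surface within minutes, so a bounded run is enough here;
    # @@ is replaced by the path of each generated test case.
    timeout "${FUZZ_SECONDS:-300}" afl-fuzz -i in -o out ./fuzzgoat @@ || true
    replay_crashes ./fuzzgoat out/crashes
}

# Only fuzz when asked, so the helpers can be sourced or tested on their own.
if [ "${FUZZGOAT_RUN:-0}" = 1 ]; then
    main
fi
```

Run it from the fuzzgoat/ directory as `FUZZGOAT_RUN=1 ./fuzz-fuzzgoat.sh` (optionally with `FUZZ_SECONDS=60`); the replay at the end is the step that turns AFL's 'uniq crashes' counter into a concrete list of inputs and the signals they raise.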

For information on Fuzz Stati0n’s scalable, cloud based continuous fuzz testing solution, please see our website.
