Preparing an Application for AFL-Fuzz

David Moore
Fuzz Stati0n
Oct 2, 2017

To fuzz test a C or C++ application for security vulnerabilities and crashes there are a few things that should happen first:

A baby American Fuzzy Lop.
  • Make the program run fast. To complete a fuzz run in a reasonable amount of time, the fuzzer should be able to run at least 200 executions per second (AFL will give a warning if the app is too slow.) Run the program with a simple input file using the Linux time command — it should run in less than 0.005 seconds real time.
    If the application is too slow, could it be modified to run faster while still retaining the functionality to be fuzzed? Perhaps profiling the application to see what parts of the program are taking a lot of time would help.
    Please see AFL’s perf tips for more ideas.
  • Eliminate potential fuzzing bottlenecks. Some file formats use checksums — a mutated input almost never carries a valid checksum, so the fuzzer cannot get past the verification step and will reach very little of the code (and AFL will probably warn about the poor coverage.) Comment out any code that does checksum verification in the build you fuzz.
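As an added example (not code from the post), here is a hypothetical record parser in C in which the checksum check is compiled out of the fuzzing build with a preprocessor guard instead of being commented out by hand, so the production build keeps it. The record layout, the function names and the FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION macro are assumptions for this example; that macro name is the convention used by libFuzzer/OSS-Fuzz targets, not something AFL defines.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Build switch (assumed convention): compile the AFL target with
 * -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION to skip checksum verification.
 * A build made with this flag must never be shipped. */
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
static const int kVerifyChecksums = 0;
#else
static const int kVerifyChecksums = 1;
#endif

/* Plain bitwise CRC-32 (IEEE polynomial, reflected form); no table, for brevity. */
uint32_t crc32_ieee(const uint8_t *data, size_t len) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Hypothetical record layout: u8 payload length, payload bytes, big-endian CRC-32 of payload.
 * Returns payload length on success, -1 if the record is malformed, -2 on checksum mismatch. */
int parse_record(const uint8_t *buf, size_t len, uint8_t *out, size_t out_cap) {
    if (len < 1) return -1;
    size_t plen = buf[0];
    if (len < 1 + plen + 4 || plen > out_cap) return -1;
    const uint8_t *payload = buf + 1;
    if (kVerifyChecksums) {              /* compiled to a constant; the branch disappears in the fuzz build */
        const uint8_t *c = payload + plen;
        uint32_t stored = ((uint32_t)c[0] << 24) | ((uint32_t)c[1] << 16) |
                          ((uint32_t)c[2] << 8)  |  (uint32_t)c[3];
        if (stored != crc32_ieee(payload, plen)) return -2;
    }
    memcpy(out, payload, plen);
    return (int)plen;
}

/* Builds a well-formed record; also useful for generating valid seed inputs for the fuzzer. */
size_t make_record(const uint8_t *payload, size_t plen, uint8_t *rec) {
    rec[0] = (uint8_t)plen;
    memcpy(rec + 1, payload, plen);
    uint32_t crc = crc32_ieee(payload, plen);
    rec[1 + plen] = (uint8_t)(crc >> 24); rec[2 + plen] = (uint8_t)(crc >> 16);
    rec[3 + plen] = (uint8_t)(crc >> 8);  rec[4 + plen] = (uint8_t)crc;
    return 1 + plen + 4;
}
```

Build the fuzz target with afl-gcc and the -D flag above; the ordinary build, compiled without it, still rejects records with a bad CRC.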

For information on Fuzz Stati0n’s scalable, cloud based continuous fuzz testing solution (and our new training offering), please see our website.
